[bind10-dev] XfrOut questions

Likun Zhang zlkzhy at gmail.com
Tue Jul 12 01:38:35 UTC 2011 

Hi vorner,

Hopely my input will do some help to you.

> I believe there are few strange things in XfrOut.
> 
> One of them is, every time I want to modify it, it takes quite a lot of time to get
> trough it to find out where. I don't know why, maybe just the C++ is more strict in
> its typing, so it is easier to follow.

>From some experience, maybe it's caused by some exception catched too generally,

 try
    Some code
 except Exception as e:
    Print (e)

 So if the Exception is changed as concrete exception, it will make the code easy to debug.


> Anyway, while reading trough it today, I found two concrete things:
> • This is at the beginning of the program:
> 
>   try:
>       from libutil_io_python import *
>       from pydnspp import *
>   except ImportError as e:
>       # C++ loadable module may not be installed; even so the xfrout process
>       # must keep running, so we warn about it and move forward.
>       log.error(XFROUT_IMPORT, str(e))
> 
>   This makes sure the program starts even when it can't load the DNS library.
>   I didn't try it, but I think it will simply crash the first time any request
>   comes, since it won't be able to parse. Or, maybe the exception will be caught
>   and the request dropped.
> 
>   But, the question is, why is it so important to have the program running even
>   when it is completely useless, instead of being a nice program and complaining
>   loudly that the installation is corrupted?

The code was suggested at beginning, since sometime, the dns library is not installed properly, xfrout process will report import error and exit, but bind10 will always try to restart xfrout, even the user just use b10-auth process, so we ignored the import error, and make xfrout process can be started without dns library. 

Xfrout will check if dns library is imported when it processes one xfr query.

Maybe we can remove the checking for import dns library, since bind10 is more robust now.


> • Looking at the spec file, it seems XfrOut is using its own TSIG keyring instead of
>   the global one. Is there any reason for this?

I don't know.



Thanks
Likun

More information about the bind10-dev mailing list