[bind10-dev] XfrOut questions

Jerry jerry.zzpku at gmail.com
Tue Jul 12 05:27:54 UTC 2011 

> Hi vorner,
> 
> Hopely my input will do some help to you.
> 
> > I believe there are few strange things in XfrOut.
> >
> > One of them is, every time I want to modify it, it takes quite a lot of
> time to get
> > trough it to find out where. I don't know why, maybe just the C++ is more
> strict in
> > its typing, so it is easier to follow.
> 
> From some experience, maybe it's caused by some exception catched too
> generally,
> 
>  try
>     Some code
>  except Exception as e:
>     Print (e)
> 
>  So if the Exception is changed as concrete exception, it will make the
> code easy to debug.
> 
> 
> > Anyway, while reading trough it today, I found two concrete things:
> > • This is at the beginning of the program:
> >
> >   try:
> >       from libutil_io_python import *
> >       from pydnspp import *
> >   except ImportError as e:
> >       # C++ loadable module may not be installed; even so the xfrout
> process
> >       # must keep running, so we warn about it and move forward.
> >       log.error(XFROUT_IMPORT, str(e))
> >
> >   This makes sure the program starts even when it can't load the DNS
> library.
> >   I didn't try it, but I think it will simply crash the first time any
> request
> >   comes, since it won't be able to parse. Or, maybe the exception will be
> caught
> >   and the request dropped.
> >
> >   But, the question is, why is it so important to have the program
> running even
> >   when it is completely useless, instead of being a nice program and
> complaining
> >   loudly that the installation is corrupted?
> 
> The code was suggested at beginning, since sometime, the dns library is not
> installed properly, xfrout process will report import error and exit, but
> bind10 will always try to restart xfrout, even the user just use b10-auth
> process, so we ignored the import error, and make xfrout process can be
> started without dns library.
> 
> Xfrout will check if dns library is imported when it processes one xfr
> query.
> 
> Maybe we can remove the checking for import dns library, since bind10 is
> more robust now.
> 
> > • Looking at the spec file, it seems XfrOut is using its own TSIG keyring
> instead of
> >   the global one. Is there any reason for this?
> 
> I don't know.

Xfrout should be able to configure TSIG key for each zone, there is a TODO task for it: http://bind10.isc.org/ticket/943. So the spec file will be updated after #943 has been done.

--
Jerry

More information about the bind10-dev mailing list