[bind10-dev] XfrOut questions
Jerry
jerry.zzpku at gmail.com
Tue Jul 12 05:27:54 UTC 2011
> Hi vorner,
>
> Hopely my input will do some help to you.
>
> > I believe there are few strange things in XfrOut.
> >
> > One of them is, every time I want to modify it, it takes quite a lot of
> time to get
> > trough it to find out where. I don't know why, maybe just the C++ is more
> strict in
> > its typing, so it is easier to follow.
>
> From some experience, maybe it's caused by some exception catched too
> generally,
>
> try
> Some code
> except Exception as e:
> Print (e)
>
> So if the Exception is changed as concrete exception, it will make the
> code easy to debug.
>
>
> > Anyway, while reading trough it today, I found two concrete things:
> > • This is at the beginning of the program:
> >
> > try:
> > from libutil_io_python import *
> > from pydnspp import *
> > except ImportError as e:
> > # C++ loadable module may not be installed; even so the xfrout
> process
> > # must keep running, so we warn about it and move forward.
> > log.error(XFROUT_IMPORT, str(e))
> >
> > This makes sure the program starts even when it can't load the DNS
> library.
> > I didn't try it, but I think it will simply crash the first time any
> request
> > comes, since it won't be able to parse. Or, maybe the exception will be
> caught
> > and the request dropped.
> >
> > But, the question is, why is it so important to have the program
> running even
> > when it is completely useless, instead of being a nice program and
> complaining
> > loudly that the installation is corrupted?
>
> The code was suggested at beginning, since sometime, the dns library is not
> installed properly, xfrout process will report import error and exit, but
> bind10 will always try to restart xfrout, even the user just use b10-auth
> process, so we ignored the import error, and make xfrout process can be
> started without dns library.
>
> Xfrout will check if dns library is imported when it processes one xfr
> query.
>
> Maybe we can remove the checking for import dns library, since bind10 is
> more robust now.
>
> > • Looking at the spec file, it seems XfrOut is using its own TSIG keyring
> instead of
> > the global one. Is there any reason for this?
>
> I don't know.
Xfrout should be able to configure TSIG key for each zone, there is a TODO task for it: http://bind10.isc.org/ticket/943. So the spec file will be updated after #943 has been done.
--
Jerry
More information about the bind10-dev
mailing list