[bind10-dev] DDNS acl then prereqs or vice versa
Jelte Jansen
jelte at isc.org
Tue Jun 5 16:02:55 UTC 2012
Hi,

as we all know, the DDNS RFC defines a slightly strange order of
processing the update request; if one follows the spec, then it would
perform prerequisite checking first, then go ahead and see if the
requestor is allowed to do an update in the first place.

I *thought* we had already agreed not to do this (but rather check ACL
first), but I can't really find any proof of that right now.

Reasons to follow spec: we are supposed to be a reference implementation.

Reasons not to follow spec: it makes no sense and leaks data. It also
causes unnecessary transactions (which must have been started to do
the prereq checking), but that is a relatively minor point.

Jelte
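
An added illustration of the ordering question raised in the message above (not part of the original post and not BIND 10 code): a small model of an UPDATE handler that can run the ACL check either before or after the RFC 2136 prerequisite checks, showing which response codes a client outside the ACL receives in each case. The zone contents, addresses and function names are constructed for the example.

```python
# Added illustration; zone data, ACL and all names here are constructed.
ZONE = {("host.example.org.", "A"), ("www.example.org.", "A")}
ALLOWED = {"192.0.2.10"}  # clients permitted to update the zone

def check_prereqs(prereqs):
    """Return the RFC 2136 rcode of the first failing prerequisite, else NOERROR."""
    names = {name for name, _ in ZONE}
    for kind, name, rtype in prereqs:
        if kind == "rrset_exists" and (name, rtype) not in ZONE:
            return "NXRRSET"
        if kind == "rrset_absent" and (name, rtype) in ZONE:
            return "YXRRSET"
        if kind == "name_in_use" and name not in names:
            return "NXDOMAIN"
        if kind == "name_not_in_use" and name in names:
            return "YXDOMAIN"
    return "NOERROR"

def handle_update(client, prereqs, acl_first):
    """Return the rcode an UPDATE request gets under either check ordering."""
    if acl_first and client not in ALLOWED:
        return "REFUSED"      # decided without touching zone data
    rcode = check_prereqs(prereqs)
    if rcode != "NOERROR":
        return rcode          # this answer depends on zone contents
    if client not in ALLOWED:
        return "REFUSED"
    return "NOERROR"          # the update section would be applied here

def rcodes_seen(client, acl_first):
    """Rcodes for two requests: one names an existing owner, one does not."""
    requests = [[("name_not_in_use", "host.example.org.", None)],
                [("name_not_in_use", "nope.example.org.", None)]]
    return [handle_update(client, r, acl_first) for r in requests]

if __name__ == "__main__":
    outsider = "203.0.113.5"  # constructed address, not in ALLOWED
    print("prereqs first:", rcodes_seen(outsider, acl_first=False))
    print("ACL first:    ", rcodes_seen(outsider, acl_first=True))
```

With the ACL check first, the client outside the ACL gets the same REFUSED for both requests and no zone lookup is needed to produce it; with prerequisites first, the two answers differ according to what is in the zone.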