[bind10-dev] Zone loading requirements, take 1

Shane Kerr shane at isc.org
Fri Mar 2 10:40:23 UTC 2012


All,

In the spirit of old-style waterfall software engineering, we are going
to be doing more requirements documents. We know we need work on our
zone loader, so I've taken the liberty of typing some requirements up.
Here's a link to the current draft:

http://bind10.isc.org/wiki/ZoneLoadingRequirements

It turns out that loading a DNS master zone file is... non-trivial. :(

The idea is to use these requirements as input into a design document
(or several) about zone loading. I tried to resist going into design
here, even for areas that were obvious to me.

I did not read through every single DNS RFC, but I did look at the ones
that I remembered as being pertinent in the zone loading area. It is
likely that I missed some - DNS is big and hairy.

Please have a scan through the document, or read in great detail if you
are having trouble sleeping.

I have specific things to point out:

* I have specified that we should be able to load a stream as well as a
  file. It seemed natural, and like it would not add much code (if
  any), but it may also not be necessary.

* I have specified that we should be able to specify what is
  interpreted as a warning and what as an error. This may complicate
  things quite a bit, but I can see how an administrator may like this
  level of control. Possibly feature bloat though.

* I was thinking perhaps we need a 'pedantic' mode, where we disable
  BIND 9-isms. Perhaps some sort of version identifier for extensions
  may even be helpful (for example, in earlier versions of BIND 9 the
  $GENERATE directive was restricted to certain RR types for some
  unknown reason).

* I have specified that if no previous ownername is used then it is an
  error:

    SOA foo.example.com guy.example.com 2012030101 300 300 1209600 1800

  RFC 1035 is ambiguous, and BIND 9 treats this as an error.

* In principle one can load a zone with data at the same name as a
  CNAME. It's not supposed to be allowed, but I can imagine an
  administrator wanting to serve such a zone anyway. What does BIND 9
  do if this happens? What should we do?

* If no TTL is specified at all, RFC 1035 is ambiguous. I have
  specified this as a warning, and we use 3600. I think this is what
  BIND 9 does, but I'm not sure.

* I looked through all 11 tests that BIND 9 has for zone loading. We'll
  have a few more. ;) One test confuses me:

[shane at shane-desktop master]$ cat dns_master_load_10_data 
#
# test data for dns_master_load test 9
#
# format is:
#	masterfile origin class expected_result
# where
#	masterfile name is the name of a file containing master data
#	origin is the origin
#	class is the zone's class
# 	expected_result is a text representation of a dns_result_t
#
master10.data	test	in	ISC_R_SUCCESS
[shane at shane-desktop master]$ cat master10.data 
;
;	the following black line contains spaces

;
@	300	IN	A	10.0.0.1
	;
;

  How can this possibly load properly? Doesn't the first record of a
  zone have to be an SOA record? (And yes, the comment for the
  configuration is wrong, it is test 10 not test 9.)

Finally, I note that if we do our tests correctly we can use them on
BIND 9 as well, or even other DNS servers (I hear there are several)....

Cheers,

--
Shane


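As an added illustration (not part of the mail or of the BIND 10 code base), the following checker implements the edge cases the mail raises: blank lines that contain only whitespace, a first record with no owner name, a missing TTL falling back to $TTL, then the last explicit TTL, then the proposed 3600 with a warning, a non-SOA first record, and CNAME sharing an owner with other data. It is a deliberately minimal parser (no parentheses, quoted strings, $ORIGIN, $INCLUDE or $GENERATE), and the sample zone text in the test is constructed from the test 10 data shown above.

```python
FALLBACK_TTL = 3600  # value the mail proposes when no TTL appears anywhere


def load_master(text, origin):
    """Check the edge cases from the mail; not a full RFC 1035 parser
    (no parentheses, quoted strings, $ORIGIN, $INCLUDE or $GENERATE).
    Returns {"records": [(owner, ttl, type, rdata)], "warnings": [], "errors": []}."""
    res = {"records": [], "warnings": [], "errors": []}
    prev_owner = ttl_directive = last_ttl = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0]  # drop comments, including ";" after a tab
        if not line.strip():         # empty, or "blank" but made of spaces/tabs
            continue
        if line.startswith("$TTL"):
            ttl_directive = int(line.split()[1])
            continue
        tokens = line.split()
        if line[0] in " \t":         # leading blank means "reuse the previous owner"
            if prev_owner is None:
                res["errors"].append(f"line {lineno}: no owner name and no previous owner")
                continue
            owner = prev_owner
        else:
            owner = tokens.pop(0)
            owner = origin if owner == "@" else owner
        prev_owner, ttl = owner, None
        # TTL and class are optional and may appear in either order before the type
        while tokens and (tokens[0].isdigit() or tokens[0].upper() in ("IN", "CH", "HS")):
            tok = tokens.pop(0)
            if tok.isdigit():
                ttl = last_ttl = int(tok)
        if not tokens:
            res["errors"].append(f"line {lineno}: missing RR type")
            continue
        rrtype, rdata = tokens[0].upper(), " ".join(tokens[1:])
        if ttl is None:  # $TTL, then last explicit TTL (RFC 2308 / RFC 1035), then 3600
            ttl = ttl_directive if ttl_directive is not None else last_ttl
            if ttl is None:
                res["warnings"].append(f"line {lineno}: no TTL available, assuming {FALLBACK_TTL}")
                ttl = FALLBACK_TTL
        if not res["records"] and rrtype != "SOA":
            res["warnings"].append(f"line {lineno}: first record is {rrtype}, not SOA")
        res["records"].append((owner, ttl, rrtype, rdata))
    non_cname_owners = {o for o, _, t, _ in res["records"] if t != "CNAME"}
    for owner, _, rrtype, _ in res["records"]:
        if rrtype == "CNAME" and owner in non_cname_owners:
            res["errors"].append(f"{owner}: CNAME coexists with other data")
    return res
```

Run against the test 10 data it loads one A record with a "not SOA" warning and no error, which matches BIND 9's ISC_R_SUCCESS while still surfacing the oddity.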