[bind10-dev] 答复: Re: 答复: Re: How to load ACLs from database
Michal 'vorner' Vaner
michal.vaner at nic.cz
Thu Sep 20 13:26:46 UTC 2012
Hello
On Wed, Sep 19, 2012 at 11:22:44PM +0000, Tony Xue wrote:
> So if it's not so simple to do it in the source code, I will think about find a better way to implement this.
Actually, I remembered yet another way how it could be done. I don't think we'll
have time for it soon either, but it would be relatively easy to do in a proper
way.
Our ACL system is really flexible one. It allows adding new types of checks with
very small amount of code changes, just by writing a new class and registering
it somewhere. So there could be a check that'd examine the packet, did a lookup
in the database and said if it matches the database or not. You could have a
look into the existing checks in src/lib/acl.
While we don't support loading these classes dynamically (which means the main
code of bind10 needs to be changed and recompiled), it no deep changes of
design.
With regards
--
Anything is possible, unless it's not.
Michal 'vorner' Vaner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <https://lists.isc.org/pipermail/bind10-dev/attachments/20120920/06a31df4/attachment.bin>
More information about the bind10-dev
mailing list