BIND 10 #249: review: auth server can return SERVFAIL with an answer
BIND 10 Development
do-not-reply at isc.org
Fri Jun 25 21:38:25 UTC 2010
#249: review: auth server can return SERVFAIL with an answer
-------------------------+--------------------------------------------------
Reporter: jinmei | Owner: jinmei
Type: defect | Status: reviewing
Priority: major | Milestone: 05. 3rd Incremental Release: Serious Secondary
Component: data source | Resolution:
Keywords: | Sensitive: 0
-------------------------+--------------------------------------------------
Comment(by jinmei):
Replying to [comment:8 each]:
> Suggestion for a way to combine both sorts of servfail handling:
Hmm...I'm not sure if this is the way to go (right now). We've fixed
known problems with try-catch + exception, so the explicit check for
rcode==SERVFAIL is redundant. For other cases, we are not even sure if
there's really a scenario that could cause it.
Although it might be embarrased if this really happened, that's not a type
of critical bug like a buffer overrun or cache poisoning. It may not even
be a protocol violation (RFC1035 doen't seem to say the answer section of
a SERVFAIL response must be empty, etc). So, adding an explicit case for
rcode=SERVFAIL seems to be a kind of premature optimization, which may
remain in the code for unknown reasons. I'd be rather make a separate
ticket where we analyze the other cases of SERVFAIL to determie whether we
can safely handle all of them as a really exceptional case and if not what
is the best way to handle them.
After that analysis, the hybrid approach may turn out to be the best
solution.
--
Ticket URL: <http://bind10.isc.org/ticket/249#comment:9>
BIND 10 Development <http://bind10.isc.org>
BIND 10 Development
More information about the bind10-tickets
mailing list