BIND 10 #496: Data scrubbing
BIND 10 Development
do-not-reply at isc.org
Tue Feb 1 11:09:13 UTC 2011
#496: Data scrubbing
-------------------------------------+-------------------------------------
Reporter: shane | Owner: stephen
Type: enhancement | Status: reviewing
Priority: major | Milestone: R-Team-Sprint-20110208
Component: resolver | Resolution:
Keywords: | Sensitive: 0
Estimated Number of Hours: 5.0 | Add Hours to Ticket: 0
Billable?: 1 | Total Hours: 0
Internal?: 0 |
-------------------------------------+-------------------------------------
Changes (by jelte):
* owner: jelte => stephen
Comment:
Note; I've pushed a small change; changed the {{{//}}} comments in the
first two methods to {{{///}}} for doxygen, and the same for the enum.
Some minor comments about the introduction in response_scrubber.h; First
paragraph of text contains a weird sentence. Oh and signed responses can
also contain unsigned data (like glue), so it is a bit incomplete at the
moment. Kudos on the extensive descriptions :)
Code doesn't compile for me... due to the inclusion of asio.hpp. Now that
I see this, I remember why Evan made the asiolink abstraction in the first
place; it was to remove direct references to asio.hpp so compiler soothing
tricks would only need to go there. We have a wrapper around endpoints for
that, IOEndpoint, so I think we should use that instead of direct
asio::ip::udp::endpoints.
Apart from that, the code looks ok (there might be room for some
optimization in the scrubbing loop that restarts itself though, but oh
well, premature optimization and all that.).
I'm not entirely sure about the usage of this though. In principle we
could keep track of what delegation we are following, or whatever comes
out of the NSAS, but not in all cases are we directly following a
delegation (in which case the 'bailiwick' would probably be root, and
nothing is removed). There are more things eligible for scrubbing;
authority rrs that don't match anything in either the question or the
answer section (in this case, 'match' would be same-or-superdomain-of),
and the same for additional except some special cases like TSIG.
Of course one question is how much of this would be 'scrubbing' and how
much 'normal' handling of response packets.
--
Ticket URL: <http://bind10.isc.org/ticket/496#comment:4>
BIND 10 Development <http://bind10.isc.org>
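
The authority-section rule discussed in the comment above (owner inside the bailiwick, and same-as-or-superdomain-of a question or answer name), as an added C++ example; it is not code from the ticket or from BIND 10's response_scrubber. `RR`, `labels`, `sameOrSuperdomain` and `scrubAuthority` are hypothetical names, and names are assumed to be in presentation format without escaped dots.

```cpp
#include <algorithm>
#include <cctype>
#include <sstream>
#include <string>
#include <vector>

// Hypothetical minimal record; stands in for a real RRset class.
struct RR { std::string owner; std::string type; };

// Split a name into lowercase labels; the root "." yields no labels.
std::vector<std::string> labels(const std::string& name) {
    std::vector<std::string> out;
    std::istringstream in(name);
    for (std::string l; std::getline(in, l, '.');) {
        if (l.empty()) continue;  // trailing dot or root
        std::transform(l.begin(), l.end(), l.begin(), [](unsigned char c) {
            return static_cast<char>(std::tolower(c));
        });
        out.push_back(l);
    }
    return out;
}

// True if `ancestor` equals `name` or is a superdomain of it. Comparing whole
// labels from the right avoids treating "badexample.com" as under "example.com".
bool sameOrSuperdomain(const std::string& ancestor, const std::string& name) {
    const std::vector<std::string> a = labels(ancestor), n = labels(name);
    return a.size() <= n.size() && std::equal(a.rbegin(), a.rend(), n.rbegin());
}

// Keep an authority RR only if its owner is inside the bailiwick AND is the
// same as, or a superdomain of, some name from the question/answer sections.
std::vector<RR> scrubAuthority(const std::vector<RR>& authority,
                               const std::string& bailiwick,
                               const std::vector<std::string>& qaNames) {
    std::vector<RR> kept;
    for (const RR& rr : authority) {
        const bool inBailiwick = sameOrSuperdomain(bailiwick, rr.owner);
        const bool matches = std::any_of(
            qaNames.begin(), qaNames.end(), [&](const std::string& n) {
                return sameOrSuperdomain(rr.owner, n);
            });
        if (inBailiwick && matches) kept.push_back(rr);
    }
    return kept;
}
```

With a root bailiwick the first check passes for every owner, so only the question/answer match removes anything.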