BIND 10 #496: Data scrubbing
BIND 10 Development
do-not-reply at isc.org
Tue Feb 1 12:41:06 UTC 2011
#496: Data scrubbing
-------------------------------------+-------------------------------------
Reporter: shane | Owner: stephen
Type: | Status: reviewing
enhancement | Milestone: R-Team-
Priority: major | Sprint-20110208
Component: | Resolution:
resolver | Sensitive: 0
Keywords: | Add Hours to Ticket: 0
Estimated Number of Hours: 5.0 | Total Hours: 0
Billable?: 1 |
Internal?: 0 |
-------------------------------------+-------------------------------------
Comment (by stephen):
To reply to the following point before I get down to tackling the
comments:
> I'm not entirely sure about the usage of this though. In principle we
could keep
> track of what delegation we are following, or whatever comes out of the
NSAS,
When querying the NSAS, you need to give the zone for which the
nameservers are required. This is the bailiwick against which the
response from those servers is checked. As to usage, the intent is to
pass the message through the data scrubbing which strips out anything that
could be considered suspect. After this step, all code can assume that
the data in the response is valid and process it accordingly (in other
words, cache it without fear of poisoning the cache).
--
Ticket URL: <http://bind10.isc.org/ticket/496#comment:5>
BIND 10 Development <http://bind10.isc.org>
BIND 10 Development
More information about the bind10-tickets
mailing list