BIND 10 #772: Update xfrout to use ACL checking library
BIND 10 Development
do-not-reply at isc.org
Fri Jul 15 19:45:41 UTC 2011
#772: Update xfrout to use ACL checking library
-------------------------------------+-------------------------------------
Reporter: | Owner: jinmei
stephen | Status: reviewing
Type: | Milestone:
enhancement | Sprint-20110802
Priority: major | Resolution:
Component: | Sensitive: 0
xfrout | Sub-Project: DNS
Keywords: | Estimated Difficulty: 3.0
Defect Severity: N/A | Total Hours: 0
Feature Depending on Ticket: |
Add Hours to Ticket: 0 |
Internal?: 0 |
-------------------------------------+-------------------------------------
Comment (by jinmei):
Replying to [comment:13 vorner]:
> > Personally, I'd accept by default because conceptually xfrout would be
> > part of auth, and we'd accept queries by default in auth. But I may
> > be biased because while I know there are some paranoid people who
> > never want to answer xfr queries except those from the "authorized
> > secondaries", I never agree with them (I see some valid cases such as
> > a very big zone where xfr queries could be a DoS, but that's an
> > exceptional case, not a reason to set the default).
> >
> > But now that you're leaving, I'm okay, e.g., with leaving this open
> > and deferring it to a separate ticket.
>
> OK, I changed it, it is small change.
Ack, but this results in having two settings of the "default": in
xfrout.py.in and the spec file. As we discussed before, I guess we
should allow RequestLoader.load() to have the default action, and then
we can change the default in the spec file "[]" (meaning no specific
ACLs).
But for now I'm okay with the duplicate. Please leave a comment in
xfrout.py about this, then feel free to merge it.
--
Ticket URL: <http://bind10.isc.org/ticket/772#comment:14>
BIND 10 Development <http://bind10.isc.org>
BIND 10 Development
More information about the bind10-tickets
mailing list