BIND 10 #1165: allow specifying xfrout ACL per zone basis

BIND 10 Development do-not-reply at isc.org
Tue Sep 27 06:54:44 UTC 2011


#1165: allow specifying xfrout ACL per zone basis
-------------------------------------+-------------------------------------
                   Reporter:  jinmei |                 Owner:  jinmei
                       Type:  task   |                Status:  accepted
                   Priority:  major  |             Milestone:  Sprint-20110927
                  Component:  xfrout |            Resolution:
                   Keywords:         |             Sensitive:  0
            Defect Severity:  N/A    |           Sub-Project:  DNS
Feature Depending on Ticket:         |  Estimated Difficulty:  4
        Add Hours to Ticket:  0      |           Total Hours:  0
                  Internal?:  0      |
-------------------------------------+-------------------------------------

Comment (by jinmei):

 Replying to [comment:3 jinmei]:

 Branch trac1165 is ready for review.

 I believe the implementation is straightforward.  I made a couple of
 unrelated cleanup/refactoring changes (I hope they are acceptable).
 See the commit log for the intent of such changes.

 I originally planned to do a few more things for this ticket:
 - add system tests
 - update bind10-guide
 but I decided to defer them to keep the branch concise.  My plan is
 to create a separate new task for these remaining points.

 The proposed changelog entry is as follows:
 {{{
 288.?   [func]*         jinmei
         b10-xfrout: ACLs for xfrout can now be configured on a per zone
         basis.  A per zone ACL is part of a more general zone configuration.  A
         quick example for configuring an ACL for zone "example.com" that
         rejects any transfer request for that zone is as follows:
         > config add Xfrout/zone_config
         > config set Xfrout/zone_config[0]/origin "example.com"
         > config add Xfrout/zone_config[0]/transfer_acl
         > config set Xfrout/zone_config[0]/transfer_acl[0] {"action": "REJECT"}
         The previous global ACL (query_acl) was renamed to transfer_acl,
         which now works as the default ACL.  Note: backward compatibility
         is not provided, so an existing configuration using query_acl
         needs to be updated by hand.
         Note: the per zone configuration framework is a temporary
         workaround.  It will eventually be redesigned as a system wide
         configuration.
         (Trac #1165, git TBD)
 }}}

 (btw: I saw an error after "config add Xfrout/zone_config[0]/transfer_acl",
 but the entry was actually created.  It seems like a bug in bindctl or
 the config module.)

-- 
Ticket URL: <http://bind10.isc.org/ticket/1165#comment:4>
BIND 10 Development <http://bind10.isc.org>
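
The changelog entry above asks an operator to get two things right: the renamed global ACL and the per zone override. The following is an added example, not part of the ticket or of BIND 10's own code, that checks a configuration for both. The dict layout (mirroring the bindctl paths), the `from` field in the sample, the function names and the zone-name matching rule are assumptions.

```python
# Added example: audit an Xfrout configuration for the query_acl rename and
# report which ACL applies to each zone. SAMPLE is constructed data.

def norm(origin):
    """Assumption: zone names match case-insensitively, ignoring a trailing dot."""
    return origin.rstrip(".").lower()

def migrate(xfrout):
    """Return (new_config, warnings) with the old global query_acl renamed."""
    cfg = dict(xfrout)          # shallow copy; the caller's dict is not modified
    warnings = []
    if "query_acl" in cfg:
        old = cfg.pop("query_acl")
        if "transfer_acl" in cfg:
            warnings.append("both query_acl and transfer_acl set; review by hand")
        else:
            cfg["transfer_acl"] = old
            warnings.append("query_acl renamed to transfer_acl")
    return cfg, warnings

def effective_acl(xfrout, zone):
    """Per zone transfer_acl if the zone has one, else the global default ACL."""
    for entry in xfrout.get("zone_config", []):
        if norm(entry.get("origin", "")) == norm(zone) and "transfer_acl" in entry:
            return "zone", entry["transfer_acl"]
    return "default", xfrout.get("transfer_acl", [])

def audit(xfrout, zones):
    """Migrate the config, then map each zone to (ACL source, ACL rules)."""
    cfg, warnings = migrate(xfrout)
    return {z: effective_acl(cfg, z) for z in zones}, warnings

# Constructed sample: a pre-change global ACL plus the per zone entry from the
# changelog. The "from" rule field is an assumption, not shown in the ticket.
SAMPLE = {
    "query_acl": [{"action": "ACCEPT", "from": "192.0.2.0/24"}],
    "zone_config": [
        {"origin": "example.com", "transfer_acl": [{"action": "REJECT"}]},
        {"origin": "example.org"},
    ],
}

if __name__ == "__main__":
    report, warnings = audit(SAMPLE, ["example.com.", "example.org"])
    for w in warnings:
        print("WARNING:", w)
    for zone, (source, acl) in report.items():
        print(zone, source, acl)
```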