BIND 10 #1351: Make TSIG configuration consistent
BIND 10 Development
do-not-reply at isc.org
Fri Dec 7 13:46:41 UTC 2012
#1351: Make TSIG configuration consistent
-------------------------------------+-------------------------------------
            Reporter: vorner         | Owner: jelte
                Type: defect         | Status: assigned
            Priority: medium         | Milestone: Sprint-20121218
           Component: xfrin          | Resolution:
            Keywords:                | CVSS Scoring:
           Sensitive: 0              | Defect Severity: N/A
         Sub-Project: DNS            | Feature Depending on Ticket:
Estimated Difficulty: 5              | Add Hours to Ticket: 0
         Total Hours: 0              | Internal?: 0
-------------------------------------+-------------------------------------
Comment (by jelte):
Not just rename, 'reinterpret';

working on hunting down the documentation references, but right now it'll
behave like this:

Xfrin/zones[X]/tsig_key value is a string (representing a Name), like in
ACLs; it is the name of a tsig key as entered in the tsig_keys/keys list.

The name is verified to be a valid name, however (mostly due to that I
didn't want to mess too much with the general way xfrin works), it will
only look up the actual key in the list when it starts a transfer; if not
it'll log the error TSIG_KEY_NOT_FOUND, and abort the transfer. If found
it'll behave like before.

(Note: one advantage of the above is that changing the tsig_keys value
with bindctl works automatically without additional changes.)

Now there is a question though; do we want to keep the current name?
'Xfrin/zones[X]/tsig_key'? And do we want backwards compatibility (i.e. if
it is not a Name, but actually a direct TSIG key string, support it?) One
problem is that a full TSIG key string is actually a valid DNS Name input,
so it won't directly break on existing setups (which actually may be a
feature :p), until it starts error logging when it wants to transfer. Would
an updates note be sufficient?
--
Ticket URL: <https://bind10.isc.org/ticket/1351#comment:14>
BIND 10 Development <http://bind10.isc.org>
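The comment above describes a reference that is only resolved at transfer time, so a stale or old-style value stays silent until TSIG_KEY_NOT_FOUND is logged. As an added example (not BIND 10 code and not part of the ticket), the sketch below audits a configuration up front; the dictionary layout, the function names and the `name:secret[:algorithm]` key-string form are assumptions.

```python
# Added illustration; not BIND 10 code. The config shape and the
# "name:secret[:algorithm]" key-string form are assumptions.

def key_name(key_string):
    """Return the lower-cased, absolute key name of a tsig_keys/keys entry."""
    name = key_string.split(":", 1)[0].lower()
    return name if name.endswith(".") else name + "."

def audit_xfrin_tsig(config):
    """Classify each Xfrin zone's tsig_key before any transfer starts."""
    ring = {key_name(k) for k in config.get("tsig_keys", {}).get("keys", [])}
    findings = []
    for zone in config.get("Xfrin", {}).get("zones", []):
        ref = zone.get("tsig_key")
        if ref is None:
            status = "no_tsig"
        elif ":" in ref:
            # Old-style inline key: it still parses as a DNS name, so it is
            # only noticed when the transfer aborts with TSIG_KEY_NOT_FOUND.
            status = "inline_key_string"
        elif key_name(ref) in ring:
            status = "ok"
        else:
            status = "not_found"
        findings.append((zone["name"], status))
    return findings

# Constructed sample configuration (secrets are dummy base64 values).
SAMPLE = {
    "tsig_keys": {"keys": ["xfr.example.org.:c2VjcmV0:hmac-sha256"]},
    "Xfrin": {"zones": [
        {"name": "a.example.", "tsig_key": "xfr.example.org."},
        {"name": "b.example.", "tsig_key": "XFR.example.org"},
        {"name": "c.example.", "tsig_key": "xfr.example.org.:c2VjcmV0"},
        {"name": "d.example.", "tsig_key": "missing.example.org."},
        {"name": "e.example."},
    ]},
}

if __name__ == "__main__":
    for zone, status in audit_xfrin_tsig(SAMPLE):
        print(zone, status)
```

Zones reported as `inline_key_string` are the existing setups the comment worries about: they carry the secret in the zone entry and need to be moved to a named key in the key list.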