BIND 10 #1351: Make TSIG configuration consistent

BIND 10 Development do-not-reply at isc.org
Mon Dec 10 15:23:43 UTC 2012 

#1351: Make TSIG configuration consistent
-------------------------------------+-------------------------------------
            Reporter:  vorner        |                        Owner:  jelte
                Type:  defect        |                       Status:
            Priority:  medium        |  reviewing
           Component:  xfrin         |                    Milestone:
            Keywords:                |  Sprint-20121218
           Sensitive:  0             |                   Resolution:
         Sub-Project:  DNS           |                 CVSS Scoring:
Estimated Difficulty:  5             |              Defect Severity:  N/A
         Total Hours:  0             |  Feature Depending on Ticket:
                                     |          Add Hours to Ticket:  0
                                     |                    Internal?:  0
-------------------------------------+-------------------------------------
Changes (by vorner):

 * owner:  vorner => jelte


Comment:

 Hello

 How I dislike XML:
 {{{
 /usr/bin/xsltproc --novalid --xinclude --nonet -o b10-xfrin.8
 http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl
 ./b10-xfrin.xml
 ./b10-xfrin.xml:118: parser error : Opening and ending tag mismatch: para
 line 106 and quote
       TSIG key ring (/tsig_keys/keys).</quote>).
                                               ^
 ./b10-xfrin.xml:119: parser error : Opening and ending tag mismatch:
 refsect1 line 94 and para
     </para>
            ^
 ./b10-xfrin.xml:215: parser error : Opening and ending tag mismatch:
 refentry line 20 and refsect1
   </refsect1>
              ^
 ./b10-xfrin.xml:242: parser error : Extra content at the end of the
 document
   <refsect1>
   ^
 unable to parse ./b10-xfrin.xml
 }}}

 This TODO probably should not be here:
 {{{#!diff
 -    def set_tsig_key(self, tsig_key_str):
 +    def set_tsig_key_name(self, tsig_key_str):
          """Set the tsig_key for this zone, given a TSIG key string
             representation. If tsig_key_str is None, no TSIG key will
             be set. Raises XfrinZoneInfoException if tsig_key_str cannot
 -           be parsed."""
 +           be parsed. TODO UPDATE"""
 }}}

 Also, is there a lettuce test with TSIG? (Obviously, my test-everything
 script
 didn't get that far, so I don't know).

 And, as a check about the config, we might want to try two things:
  * Try doing the lookup (`get_tsig_key`) when we configure.
  * Maybe try creating a TSIG key from the name and if it succeeds, warn?
 (Hmm,
    it would be nice if we could send warnings from the config handler).

 Also, it doesn't use the current implementation of TSIG keyring. Is that
 intentional? We may want to change the configuration place sometime later
 possibly (putting all zones and tsig keys into /dns or whatever). If that
 happens, we have two places to change it.

-- 
Ticket URL: <http://bind10.isc.org/ticket/1351#comment:17>
BIND 10 Development <http://bind10.isc.org>
BIND 10 Development

More information about the bind10-tickets mailing list