BIND 10 #1539: The sending part of passing UPDATE packets
BIND 10 Development
do-not-reply at isc.org
Sat May 19 02:50:04 UTC 2012
#1539: The sending part of passing UPDATE packets
-------------------------------------+-------------------------------------
 Reporter: vorner                    | Owner: jinmei
 Type: task                          | Status: accepted
 Priority: medium                    | Milestone: Sprint-20120529
 Component: b10-auth                 | Resolution:
 Keywords:                           | Sensitive: 0
 Defect Severity: N/A                | Sub-Project: DNS
 Feature Depending on Ticket: DDNS   | Estimated Difficulty: 0
 Add Hours to Ticket: 0              | Total Hours: 0
 Internal?: 0                        |
-------------------------------------+-------------------------------------
Comment (by jinmei):

 trac1539 is ready for review at branch trac1539-2. I made this branch
 from the original trac1539, rebasing it onto a more recent master
 (so it's easier to get the branch diff). In case it's not clear,
 the diff to be reviewed is 'git diff 13838d3^'.

 For testing the forwarder behavior effectively, I introduced the
 base class of socket forwarder and mock derived class of it.
 lib/util/unittests/mock_socketsession.h was newly created for this
 purpose, and that consumes a large part of the entire diff. The size
 is relatively large, but its implementation should be trivial.

 And, other than this, I believe the size of the change should be
 moderate and the implementation is quite straightforward.

 Some notes:
 - I've noticed there's no API to retrieve the local (server's)
   address/port from a given IO message. We should fix this, but I
   chose not to include it in this branch. At the moment the remote
   address should be sufficient, for both ACL and returning the
   response. I plan to open a separate ticket for the API to retrieve
   the local address (and use it).
 - I've followed the xfrout convention to get the UNIX socket file for
   ddns, i.e., hardcoding it. I believe we should rather get it from
   the b10-ddns configuration so we can centralize the information and
   won't have to hardcode environment variables in the main code. But
   that would make the branch much bigger, so I chose to not do it in
   this branch. I plan to open a ticket for it, too.
 - I believe we should make it possible that b10-auth can skip
   forwarding completely when ddns isn't supposed to be used (and
   b10-ddns is not running at all). That's actually the more common
   operation, and trying to (and failing) forward update requests is
   costly, perhaps too expensive and could even be a DoS vector because
   it involves exception handling. I think we should do this with the
   second point; b10-auth would first try to get the ddns
   configuration, and set up the forwarder only after it gets the
   config. If the forwarder isn't set up, b10-auth will immediately
   return NOTIMP to any update requests. Also, ideally, when ddns
   stops running b10-auth should destroy the forwarder and fall back to
   the NOTIMP mode (but I guess this will require some of the msgq
   enhancements).
--
Ticket URL: <http://bind10.isc.org/ticket/1539#comment:8>
BIND 10 Development <http://bind10.isc.org>
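
The NOTIMP fallback proposed in the third note above, as an added example (not code from the BIND 10 tree or from this ticket): an UPDATE request is answered with a header-only NOTIMP after a single flag test, so the failing forward and its exception handling are never reached. AuthState, Action, classify and makeNotImp are hypothetical names, and the sample message is constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// DNS header constants (RFC 1035, RFC 2136).
constexpr std::uint8_t OPCODE_UPDATE = 5;
constexpr std::uint8_t RCODE_NOTIMP = 4;
constexpr std::size_t HEADER_LEN = 12;

enum class Action { Drop, Normal, Forward, NotImp };

// Hypothetical state: true only after the ddns configuration has been
// received and the forwarder has been set up (assumption, not BIND 10 API).
struct AuthState { bool forwarder_ready = false; };

// Constructed sample: header of an UPDATE request, ID 0xbeef, one zone entry.
const std::vector<std::uint8_t> kSampleUpdate = {
    0xbe, 0xef, 0x28, 0x00, 0x00, 0x01, 0, 0, 0, 0, 0, 0};

// Decide how to handle a request with a flag test only: no connect attempt
// and no exception on the path taken when the forwarder is absent.
Action classify(const AuthState& st, const std::vector<std::uint8_t>& msg) {
    if (msg.size() < HEADER_LEN || (msg[2] & 0x80)) {
        return Action::Drop;  // short header, or a response (QR=1)
    }
    const std::uint8_t opcode = (msg[2] >> 3) & 0x0f;
    if (opcode != OPCODE_UPDATE) {
        return Action::Normal;  // regular query processing
    }
    return st.forwarder_ready ? Action::Forward : Action::NotImp;
}

// Build a header-only NOTIMP response: request ID and opcode copied, QR set,
// all section counts zero. The caller has already checked the header length.
std::vector<std::uint8_t> makeNotImp(const std::vector<std::uint8_t>& req) {
    std::vector<std::uint8_t> resp(HEADER_LEN, 0);
    resp[0] = req[0];
    resp[1] = req[1];
    resp[2] = 0x80 | (req[2] & 0x78);
    resp[3] = RCODE_NOTIMP;
    return resp;
}

int main() {
    AuthState st;  // forwarder never set up: b10-ddns not in use
    const Action a = classify(st, kSampleUpdate);
    std::printf("UPDATE, no forwarder -> %s\n", a == Action::NotImp ? "NOTIMP" : "other");
    return 0;
}
```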