BIND 10 #2759: apply check_zone before committing DDNS changes
BIND 10 Development
do-not-reply at isc.org
Thu Jun 27 01:05:48 UTC 2013
#2759: apply check_zone before committing DDNS changes
-------------------------------------+-------------------------------------
Reporter: jinmei                     | Owner: vorner
Type: defect                         | Status: reviewing
Priority: medium                     | Milestone: Sprint-20130709
Component: DDNS                      | Resolution:
Keywords:                            | CVSS Scoring:
Sensitive: 0                         | Defect Severity: N/A
Sub-Project: DNS                     | Feature Depending on Ticket:
Estimated Difficulty: 3              | Add Hours to Ticket: 0
Total Hours: 0                       | Internal?: 0
-------------------------------------+-------------------------------------
Changes (by muks):
* owner: muks => vorner
Comment:
Hi Michal
Replying to [comment:9 vorner]:
> I think this changes observable behaviour and needs changelog entry.
How does this look:
{{{
XYZ. [bug] muks
When processing DDNS updates, we now more thoroughly check the
zone with the received zone data updates to check if it is valid.
If the zone fails validation, we reply with SERVFAIL rcode. So,
while previously we may have allowed more zone data cases without
checking which resulted in invalid zones, such update requests are
now failed.
(Trac #2759, git ...)
}}}
> Would it be possible to somehow signal (from the validator) what kind
> of error it was? It would probably not be part of this ticket, but it
> would be nice to have.
This sounds reasonable to me generally for the `check_zone()` function,
but even with such changes, there are still no RCODEs that can be
mapped for many of the cases why `check_zone()` would fail. See RFC 2136
section 2.2.
> The new log messages give impression that the whole zone was
> received. This may be the case of XfrIn, but with DDNS, it is simply
> not true.
The log messages have been updated.
--
Ticket URL: <http://bind10.isc.org/ticket/2759#comment:10>
BIND 10 Development <http://bind10.isc.org>