BIND 10 #2759: apply check_zone before commiting DDNS changes
BIND 10 Development
do-not-reply at isc.org
Thu Jun 27 09:01:30 UTC 2013
#2759: apply check_zone before commiting DDNS changes
-------------------------------------+-------------------------------------
Reporter: jinmei | Owner: muks
Type: defect | Status:
Priority: medium | reviewing
Component: DDNS | Milestone:
Keywords: | Sprint-20130709
Sensitive: 0 | Resolution:
Sub-Project: DNS | CVSS Scoring:
Estimated Difficulty: 3 | Defect Severity: N/A
Total Hours: 0 | Feature Depending on Ticket:
| Add Hours to Ticket: 0
| Internal?: 0
-------------------------------------+-------------------------------------
Changes (by vorner):
* owner: vorner => muks
Comment:
Hello
Replying to [comment:10 muks]:
> How does this look:
> {{{
> XYZ. [bug] muks
> When processing DDNS updates, we now more thoroughly check the
> zone with the received zone data updates to check if it is valid.
> If the zone fails validation, we reply with SERVFAIL rcode. So,
> while previously we may have allowed more zone data cases without
> checking which resulted in invalid zones, such update requests are
> now failed.
> (Trac #2759, git ...)
>
> }}}
There are some strange wordings here. May I suggest small changes?
* We now check more thoroughly
* Such update requests now fail / such update requests are now rejected.
> This sounds reasonable to me generally for the `check_zone()` function,
> but even with such changes, there are still not RCODEs that can be
> mapped for many of the cases why `check_zone()` would fail. See RFC2136
> section 2.2.
OK, can you create a ticket for fixing at least some of the rcodes, the
ones that are defined? Maybe with the proposed solution? So we can at
least keep the ticket there for future reference or indefinite burial.
I think it can be merged now.
--
Ticket URL: <http://bind10.isc.org/ticket/2759#comment:11>
BIND 10 Development <http://bind10.isc.org>
BIND 10 Development
More information about the bind10-tickets
mailing list