[Freeipa-devel] [PATCH] 0010 Use stricter semantics when checking IP address for DNS records

Martin Kosek mkosek at redhat.com
Wed Feb 29 10:05:18 UTC 2012


On Wed, 2012-02-29 at 10:56 +0100, Petr Viktorin wrote:
> On 02/15/2012 12:57 PM, Martin Kosek wrote:
> > On Wed, 2012-02-15 at 11:20 +0100, Petr Viktorin wrote:
> >> This fixes https://fedorahosted.org/freeipa/ticket/2379 by using
> >> inet_pton instead of inet_aton.
> >>
> >
> > Yeah, this would fix the stricter checking. I planned to improve A/AAAA
> > validation in a scope of this ticket, I plan to use CheckedIPAddress to
> > be more consistent with the rest of the plugin. I made the change you
> > just did in CheckedIPAddress already.
> >
> > My point is that we may want to be even stricter and forbid for example
> > broadcast or multicast addresses to be placed to A/AAAA records.
> >
> > Martin
> >
> 
> That was a NACK; Martin wanted to do this himself.
> 

I changed my mind, this approach is OK for now. Rejecting any multicast
or broadcast addresses may be too restrictive, I would rather just
follow the relevant RFC and just check the A record syntax in this case.
Thus, your approach is sufficient.

ACK. Pushed to master, ipa-2-2.

Martin
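
The difference between the two calls named in the thread, as an added example that is not part of the original message or of the FreeIPA patch: inet_aton accepts shorthand and hexadecimal IPv4 forms and silently expands them, while inet_pton accepts only a complete address of the requested family. The function names and sample values are constructed for illustration, and the shorthand results assume a libc with the classic BSD inet_aton behaviour (glibc has it).

```python
import socket

# Constructed sample values, not taken from the ticket or the patch.
SAMPLES = ["192.0.2.10", "127.1", "10.1.1", "0x7f.0.0.1", "192.0.2.256", "2001:db8::1"]


def aton_reading(value):
    """Return the dotted quad inet_aton() parses value as, or None if rejected."""
    try:
        return socket.inet_ntoa(socket.inet_aton(value))
    except (OSError, ValueError):
        return None


def strict_ok(value, family):
    """True only if inet_pton() accepts value as a full address of this family."""
    try:
        socket.inet_pton(family, value)
        return True
    except (OSError, ValueError):
        return False


def check_record(rtype, value):
    """Hypothetical validator: A needs strict IPv4, AAAA needs strict IPv6."""
    family = {"A": socket.AF_INET, "AAAA": socket.AF_INET6}[rtype]
    return strict_ok(value, family)


if __name__ == "__main__":
    # Show, per sample, what the lax parser reads and what the strict check decides.
    for v in SAMPLES:
        print(f"{v!r:16} inet_aton -> {aton_reading(v)!s:12} "
              f"A ok: {check_record('A', v)!s:5} AAAA ok: {check_record('AAAA', v)}")
```
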
