[Freeipa-devel] [PATCH 0152] Replace TTL values > 2^31-1 with 0.

Petr Spacek pspacek at redhat.com
Fri May 3 12:55:56 UTC 2013


On 3.5.2013 14:35, Tomas Babej wrote:
> On 04/30/2013 03:45 PM, Petr Spacek wrote:
>> Hello,
>>
>> Replace TTL values > 2^31-1 with 0.
>>
>> The rule comes from RFC 2181 section 8.
>>
>> https://fedorahosted.org/bind-dyndb-ldap/ticket/117
>>
>>
>>
>
> ACK, works fine.
>
> Just one question though, the patch as it is leaves the invalid TTL value in
> the tree, even though it is never interpreted as one (thanks to this patch).
>
> $ ipa dnsrecord-show ipa.example.com skuska --all
>    dn: idnsname=skuska,idnsname=ipa.example.com,cn=dns,dc=ipa,dc=example,dc=com
>    Record name: skuska
>    Time to live: 2147483648
>    A record: 192.168.0.1
>    objectclass: top, idnsrecord
>
> from /var/log/messages:
> named[18275]: entry
> 'idnsname=skuska,idnsname=ipa.example.com,cn=dns,dc=ipa,dc=example,dc=com':
> entry TTL 2147483648 > MAXTTL, setting TTL to 0
>
> Wouldn't that be confusing to the user? Shouldn't we fix the TTL value set in
> the entry as well?

It is exactly what "original" BIND does. I would like to imitate the same 
behaviour if you are not against it strongly.

I think that:
1) Somebody could use bind-dyndb-ldap with read-only access to LDAP.
2) It will unnecessarily complicate the code.

-- 
Petr^2 Spacek
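The RFC 2181 section 8 rule the thread refers to, as an added example that is not code from bind-dyndb-ldap or BIND: a 32-bit TTL whose high bit is set (any value above 2^31-1) is treated as 0 rather than rejected, which is why the 2147483648 in the LDAP entry above is served as TTL 0 while the stored attribute is left untouched. The function names ttl_parse and ttl_effective, the DNS_MAXTTL macro and the status enum are hypothetical names for this example, and it assumes the TTL arrives as a plain decimal string (as a dNSTTL attribute value would). Values that do not fit in 32 bits at all, or are not a number, are reported as invalid, since the RFC rule only covers well-formed 32-bit values.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Largest TTL a resolver must honour: 2^31 - 1 (RFC 2181 section 8). */
#define DNS_MAXTTL 0x7fffffffU

/* Result of ttl_parse(); hypothetical names chosen for this example. */
enum ttl_status {
    TTL_OK = 0,        /* value accepted as-is */
    TTL_CLAMPED = 1,   /* value > DNS_MAXTTL, interpreted as 0 per RFC 2181 */
    TTL_INVALID = -1   /* not a decimal number in 0..2^32-1 */
};

/*
 * Parse the textual form of a TTL (e.g. an LDAP dNSTTL attribute value).
 * On TTL_OK or TTL_CLAMPED the interpreted value is stored in *out when
 * out is non-NULL. The caller's stored value is never modified, only
 * the interpretation is, mirroring the behaviour described in the thread.
 */
enum ttl_status ttl_parse(const char *text, uint32_t *out)
{
    char *end;
    unsigned long long val;

    if (text == NULL || *text == '\0')
        return TTL_INVALID;
    /* strtoull() silently accepts leading whitespace and a sign; reject both. */
    if (!isdigit((unsigned char)*text))
        return TTL_INVALID;

    errno = 0;
    val = strtoull(text, &end, 10);
    if (errno == ERANGE || *end != '\0' || val > UINT32_MAX)
        return TTL_INVALID;

    if (val > DNS_MAXTTL) {
        /* High bit set: RFC 2181 s.8 says treat as zero, do not reject. */
        if (out != NULL)
            *out = 0;
        return TTL_CLAMPED;
    }
    if (out != NULL)
        *out = (uint32_t)val;
    return TTL_OK;
}

/*
 * Convenience wrapper: the TTL a server would actually use for the entry,
 * or UINT32_MAX as a sentinel when the text is not a usable TTL. The
 * sentinel cannot collide with a real result because every accepted
 * value is at most DNS_MAXTTL.
 */
uint32_t ttl_effective(const char *text)
{
    uint32_t ttl;
    if (ttl_parse(text, &ttl) == TTL_INVALID)
        return UINT32_MAX;
    return ttl;
}

int main(void)
{
    /* Constructed sample values, including the one from the thread. */
    const char *samples[] = { "300", "2147483647", "2147483648",
                              "4294967295", "4294967296", "-1", "abc" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t ttl = 0;
        enum ttl_status st = ttl_parse(samples[i], &ttl);

        if (st == TTL_INVALID)
            printf("TTL '%s': not a 32-bit unsigned number, entry rejected\n",
                   samples[i]);
        else if (st == TTL_CLAMPED)
            printf("entry TTL %s > MAXTTL, setting TTL to 0\n", samples[i]);
        else
            printf("TTL '%s' accepted as %u\n", samples[i], ttl);
    }
    return 0;
}
```

Note the distinction the example draws: 4294967295 still fits in 32 bits, so it is clamped to 0, whereas 4294967296 does not and is reported as invalid. Whether a loader then skips the entry or fails outright is a policy choice the RFC does not make for you.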
