[Freeipa-devel] [PATCH 0152] Replace TTL values > 2^31-1 with 0.

Petr Spacek pspacek at redhat.com
Tue May 14 15:09:17 UTC 2013


On 3.5.2013 15:19, Tomas Hozza wrote:
> ----- Original Message -----
>> On 3.5.2013 14:35, Tomas Babej wrote:
>>> On 04/30/2013 03:45 PM, Petr Spacek wrote:
>>>> Hello,
>>>>
>>>> Replace TTL values > 2^31-1 with 0.
>>>>
>>>> The rule comes from RFC 2181 section 8.
>>>>
>>>> https://fedorahosted.org/bind-dyndb-ldap/ticket/117
>>>>
>>>
>>> ACK, works fine.
>>>
>>> Just one question though, the patch as it is leaves the invalid TTL value in
>>> the tree, even though it is never interpreted as one (thanks to this patch).
>>>
>>> $ ipa dnsrecord-show ipa.example.com skuska --all
>>>     dn: idnsname=skuska,idnsname=ipa.example.com,cn=dns,dc=ipa,dc=example,dc=com
>>>     Record name: skuska
>>>     Time to live: 2147483648
>>>     A record: 192.168.0.1
>>>     objectclass: top, idnsrecord
>>>
>>> from /var/log/messages:
>>> named[18275]: entry 'idnsname=skuska,idnsname=ipa.example.com,cn=dns,dc=ipa,dc=example,dc=com': entry TTL 2147483648 > MAXTTL, setting TTL to 0
>>>
>>> Wouldn't that be confusing to the user? Shouldn't we fix the TTL value set in
>>> the entry as well?
>>
>> It is exactly what "original" BIND does. I would like to imitate the same
>> behaviour if you are not against it strongly.
>>
>> I think that:
>> 1) Somebody could use bind-dyndb-ldap with read-only access to LDAP.
>> 2) It will unnecessarily complicate the code.
>>
>> --
>> Petr^2 Spacek
>
> Review ACK.
>
> The patch looks good. I also agree with Peter's reasoning. There is also
> an error logged when the TTL has MSB set, so one can notice there is a bad
> TTL value set in LDAP.

Pushed to master: ccc439e5a5d8d2e0e6dbcb85351f48c501fdad03

-- 
Petr^2 Spacek
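
The rule discussed in this thread (RFC 2181 section 8: a TTL with the most significant bit set is treated as 0), shown as an added example that is not part of the original message and is not the bind-dyndb-ldap patch. The names `parse_ttl` and `ttl_status` are hypothetical, and rejecting values that do not fit the 32-bit TTL field at all is an assumption of this sketch; the stored directory value is only read, never rewritten, as in the behaviour described above.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define TTL_MAX 2147483647UL	/* 2^31-1, RFC 2181 section 8 */

enum ttl_status { TTL_OK, TTL_CLAMPED, TTL_INVALID };

/* Hypothetical helper (not bind-dyndb-ldap code): parse the decimal TTL
 * string read from a directory attribute and apply the RFC 2181 rule. */
enum ttl_status
parse_ttl(const char *s, uint32_t *ttl)
{
	char *end;
	unsigned long long v;

	*ttl = 0;
	/* strtoull() accepts leading whitespace and a sign; "-1" would
	 * silently wrap to a huge value, so require a leading digit. */
	if (s == NULL || !isdigit((unsigned char)s[0]))
		return TTL_INVALID;
	errno = 0;
	v = strtoull(s, &end, 10);
	if (errno == ERANGE || *end != '\0' || v > UINT32_MAX)
		return TTL_INVALID;	/* does not fit the 32-bit TTL field */
	if (v > TTL_MAX)
		return TTL_CLAMPED;	/* MSB set: whole value treated as 0 */
	*ttl = (uint32_t)v;
	return TTL_OK;
}

int
main(void)
{
	/* Constructed sample values; 2147483648 is the one from the thread. */
	const char *samples[] = { "86400", "2147483647", "2147483648",
				  "4294967296", "-1", "300s" };
	static const char *names[] = { "ok", "clamped to 0", "invalid" };
	uint32_t ttl;

	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		enum ttl_status st = parse_ttl(samples[i], &ttl);
		printf("%-12s -> %-12s ttl=%u\n", samples[i], names[st],
		       (unsigned)ttl);
	}
	return 0;
}
```

A caller would log the `TTL_CLAMPED` case, since the out-of-range value stays in the directory entry and the log message is the only sign of it.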



