[Freeipa-devel] [PATCHES 0109-0110] DNS: fix DS record validation
Petr Spacek
pspacek at redhat.com
Tue Sep 2 15:16:03 UTC 2014
On 20.8.2014 19:26, Martin Basti wrote:
> Part of DNSSEC
> Patches attached.
NACK

# ipa dnsrecord-add ipa.example. ds '--ds-rec=1 2 3 4'
ipa: ERROR: invalid 'dsrecord': DS record requires to coexist with an NS record (RFC 4529, section 4.6)

RFC number is incorrect. IMHO it should also reference 'RFC 4035 section 2.4'.

Also, there is one hole:
Current code allows you to add DS RR to existing NS and then to remove NS.

Let me know if adding a check to -del is too hard, maybe we can live without it...

--
Petr^2 Spacek
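
The hole described in the message above, as an added example that is not part of the original e-mail or of the FreeIPA code: the "DS needs an NS at the same name" rule is checked on the record set that would result from a change, so removing the last NS while a DS remains is rejected just like adding a DS without an NS. The function names, exception name and sample records are hypothetical.

```python
# Added example: names and sample records are hypothetical, not FreeIPA code.

class DSWithoutNSError(ValueError):
    """Resulting record set would hold a DS record with no NS beside it."""


def apply_change(records, add=None, delete=None):
    """Return the record set at one owner name after a change.

    records, add, delete: dict mapping record type -> iterable of rdata.
    The invariant is checked on the result, so add and delete are both covered.
    """
    result = {rtype: set(values) for rtype, values in records.items()}

    # Deletions first: drop the listed values, and the type once it is empty.
    for rtype, values in (delete or {}).items():
        remaining = result.get(rtype, set()) - set(values)
        if remaining:
            result[rtype] = remaining
        else:
            result.pop(rtype, None)

    for rtype, values in (add or {}).items():
        result.setdefault(rtype, set()).update(values)

    # The rule from the thread, applied to the final state of the name.
    if result.get("DS") and not result.get("NS"):
        raise DSWithoutNSError(
            "DS record requires to coexist with an NS record "
            "(RFC 4035 section 2.4)"
        )
    return result


def is_allowed(records, add=None, delete=None):
    """True if the change keeps the DS/NS invariant, False otherwise."""
    try:
        apply_change(records, add=add, delete=delete)
        return True
    except DSWithoutNSError:
        return False


# Constructed sample data for one owner name.
NS = {"NS": ["ns1.sub.ipa.example."]}
DS = {"DS": ["1 2 3 4"]}
```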