[Freeipa-devel] [PATCHES 0109-0110] DNS: fix DS record validation

Martin Basti mbasti at redhat.com
Wed Sep 3 14:42:06 UTC 2014


On 02/09/14 17:16, Petr Spacek wrote:
> On 20.8.2014 19:26, Martin Basti wrote:
>> Part of DNSSEC
>> Patches attached.
>
> NACK
>
> # ipa dnsrecord-add ipa.example. ds '--ds-rec=1 2 3 4'
> ipa: ERROR: invalid 'dsrecord': DS record requires to coexist with an 
> NS record (RFC 4529, section 4.6)
>
> RFC number is incorrect. IMHO it should also reference 'RFC 4035 
> section 2.4'.
>
> Also, there is one hole:
> Current code allows you to add DS RR to existing NS and then to remove 
> NS.
>
> Let me know if adding a check to -del is too hard, maybe we can live 
> without it...
>
dnsrecord-del validation added

Updated patch attached

Required in ipa 4.1 but this could be pushed to 4.0.x too

-- 
Martin Basti

-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbasti-0109.2-DNSSEC-fix-DS-record-validation.patch
Type: text/x-patch
Size: 7967 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140903/79728d22/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbasti-0110.2-Tests-DNS-dsrecord-validation.patch
Type: text/x-patch
Size: 3981 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140903/79728d22/attachment-0001.bin>
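
The hole raised in the review above (DS added next to an existing NS, then the NS removed), as an added example that is not taken from the attached patches or from FreeIPA's code: a minimal in-memory model that validates the resulting record set on both add and delete. The `Zone` class, `check_ds_needs_ns`, and the sample record values are hypothetical names and constructed data.

```python
class ValidationError(Exception):
    pass


def check_ds_needs_ns(rrsets):
    """Invariant from the thread: DS may exist only where NS also exists."""
    if rrsets.get("DS") and not rrsets.get("NS"):
        raise ValidationError(
            "DS record requires to coexist with an NS record")


class Zone:
    """Hypothetical stand-in for a DNS backend (not FreeIPA's API)."""

    def __init__(self):
        self.names = {}  # owner name -> {record type: set of rdata strings}

    def _apply(self, name, changes, op):
        # Work on a copy so a rejected change leaves the zone untouched.
        current = {t: set(v) for t, v in self.names.get(name, {}).items()}
        for rtype, values in changes.items():
            rrset = current.setdefault(rtype, set())
            if op == "add":
                rrset |= set(values)
            else:
                rrset -= set(values)
        # Validate the state the change would produce, not the request
        # itself, so add and delete share one check.
        check_ds_needs_ns(current)
        self.names[name] = {t: v for t, v in current.items() if v}

    def add(self, name, **changes):
        self._apply(name, changes, "add")

    def delete(self, name, **changes):
        self._apply(name, changes, "del")


def is_rejected(operation, *args, **kwargs):
    """Return True if the operation fails validation."""
    try:
        operation(*args, **kwargs)
    except ValidationError:
        return True
    return False
```

Checking the post-change state also covers two cases a per-request check can miss: removing one of several NS records is allowed while another remains, and removing the last NS together with the DS in a single request is allowed.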