[knot-dns-users] Knot DNS 1.3.0-rc5

Anand Buddhdev anandb at ripe.net
Thu Aug 1 15:33:30 CEST 2013

On 01/08/2013 15:09, Marek Vavruša wrote:

Hi Marek,

> I see, well we've been thinking about this. But the cost of keeping
> out-of-zone records
> in place for transfers is just too high, as it would need to bypass
> various checks.
> Besides, I think it conforms to the standard listed in the thread as
> we "identify and handle occluded names"
> and also include occluded names in the AXFR response. Except, we don't
> but since we don't accept
> such names into a zonefile in the first place, it is irrelevant to
> consider whether we would include them
> or not in the AXFR response. And I believe discarding them falls into
> the "identify and handle" category.

I'm happy with this response. As I said, out-of-zone names shouldn't be
there in the first place, and I can't think of any negative side effects
of discarding them.

> I see the point, but I also see a few good cases where it's a good idea to fake
> the server version/id. Nevertheless, we could accept two (3 for NSID)
> different types:
> * boolean on|off - on would fill a default string, off would turn it
> off (just a convenience)
> * text "something" - arbitrary string, just like now, even empty text
> * hexstring - just for the NSID
> This would make it convenient to serve both automatic or arbitrary data.
> Does this sound okay?

If you can make Knot parse the options as either boolean or strings,
that would be great. Then we can have on|off for sane defaults, or
string values for wacky people who want to misreport versions and
identities for any reason :)

You're a star! Thanks!



More information about the knot-dns-users mailing list