[Opendnssec-develop] Files included in zone file
matthijs at NLnetLabs.nl
Tue Nov 23 10:00:21 UTC 2010
-----BEGIN PGP SIGNED MESSAGE-----
We could at least make it a known issue. The auditor will now always
fail if the unsigned zone does include $INCLUDE statements.
I recall the reason not to read include files is that we cannot
guarantee that they are atomic. After the signer reads in the zone and
before the audit, the include files could have been edited.
On 11/23/2010 08:55 AM, Alex Dalitz wrote:
>> Should the Auditor be able to handle included zone files ($INCLUDE statements)? Or is it a known issue?
>> Because currently it ignores this statement in the example.com.unsorted file.
> ISTR a discussion last year in which we decided that we would not support $INCLUDE statements.
> So : "no", the auditor does not handle included zone files.
> Do we wish to change this behaviour?
> Opendnssec-develop mailing list
> Opendnssec-develop at lists.opendnssec.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
More information about the Opendnssec-develop