[Opendnssec-develop] Files included in zone file

Matthijs Mekking matthijs at NLnetLabs.nl
Tue Nov 23 10:00:21 UTC 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

We could at least make it a known issue. The auditor will now always
fail if the unsigned zone does include $INCLUDE statements.

I recall the reason not to read include files is that we cannot
guarantee that they are atomic. After the signer reads in the zone and
before the audit, the include files could have been edited.

Best regards,

Matthijs

On 11/23/2010 08:55 AM, Alex Dalitz wrote:
>> Should the Auditor be able to handle included zone files ($INCLUDE statements)? Or is it a known issue?
>>
>> Because currently it ignores this statement in the example.com.unsorted file.
> 
> ISTR a discussion last year in which we decided that we would not support $INCLUDE statements.
> 
> So : "no", the auditor does not handle included zone files.
> 
> Do we wish to change this behaviour?
> 
> Thanks,
> 
> 
> Alex._______________________________________________
> Opendnssec-develop mailing list
> Opendnssec-develop at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJM65C1AAoJEA8yVCPsQCW5VQkIAJ0NwOVCE9GpUn4KjUMumMFs
Q7V9xlPSdoiuX0JDZXxFdtltUZKPz1Q07gBK/qxlILCFEWk8C9IQFxQc+HLmNDIp
1dR/+6gi1shQLpIaCAML3Qqun06C0tXb1lStXZsN8WhMj+ZajILwwK3opIe7vIdb
73sgKlo3QjesA9HijR7XpD9R9Ym+vkm6W/nL2uHw0uDdw/4mD9w9gKD2N9mNwY9z
c1tvAFVcQ08mjuV3mgthj7TkEtmQtKtnxZ+6Q9LittBv5BxcsVhVNmV5tqECfT6Q
/qV5c0iP5n2ddbv5gvmxaKAiW2Mcq0o4J4F+zFzv/SZMVEogLKvww83n1sSFTV0=
=17vl
-----END PGP SIGNATURE-----



More information about the Opendnssec-develop mailing list