[Opendnssec-develop] what to do with garbage in

Matthijs Mekking matthijs at NLnetLabs.nl
Wed Sep 29 14:44:04 UTC 2010


Hi,

What should we do with garbage in? For every class of garbage in, we
have, I believe, three choices:
1. Reject the update, continue with current zone
2. Garbage in, garbage out
3. Garbage in, clean up the mess (make it RFC compliant)

Classes of garbage in:
a) multiple records of a singleton type (CNAME, DNAME) at the same
   owner name
b) data next to CNAME
c) occluded data (below or at a delegation, not glue, or below a DNAME)

It might be that we have to behave differently depending on if we are
primary (file, dynamic update) or secondary (axfr, ixfr).

Classes a) and b):
I think these should be rejected if we are primary. This is according to
RFC 1035 and RFC 2672 (-bis).

In the unlikely situation that we get an {A,I}XFR that tries to insert
this garbage, probably also reject it and continue with the old zone.

Rejecting it means we don't need to worry about garbage out.

Class c):
We should accept on zone transfer and dynamic update (RFC 5936), but
reject on zone file (RFC 2672). Thus also follow these rules on the
outbound side.


Best regards,

Matthijs
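An added example, not part of the original message or of OpenDNSSEC's code: a minimal detector for the three classes of garbage listed in the message, plus the per-source policy the message proposes. The record tuples, function names and sample zone are constructed for illustration; glue is assumed to mean A/AAAA records owned by a delegation's NS targets, and the types tolerated beside a CNAME or at a delegation point are an assumption taken from RFC 4035.

```python
from collections import defaultdict

CNAME_OK = {"CNAME", "RRSIG", "NSEC"}    # assumed: allowed beside a CNAME (RFC 4035)
CUT_OK = {"NS", "DS", "RRSIG", "NSEC"}   # assumed: allowed at a delegation point

def norm(name):
    return name.lower().rstrip(".")

def below(name, ancestor):
    return name.endswith("." + ancestor)

def classify(apex, records):
    """Return sorted (class, owner, type) findings for classes a), b) and c)."""
    apex = norm(apex)
    recs = [(norm(o), t.upper(), d) for o, t, d in records]
    types = defaultdict(list)
    for o, t, _ in recs:
        types[o].append(t)
    cuts = {o for o, t, _ in recs if t == "NS" and o != apex}
    dnames = {o for o, t, _ in recs if t == "DNAME"}
    ns_hosts = {norm(d) for o, t, d in recs if t == "NS" and o in cuts}
    found = set()
    for o, ts in types.items():
        for single in ("CNAME", "DNAME"):        # a) repeated singleton type
            if ts.count(single) > 1:
                found.add(("a", o, single))
        if "CNAME" in ts:                        # b) data next to CNAME
            found.update(("b", o, t) for t in set(ts) - CNAME_OK)
    for o, t, _ in recs:                         # c) occluded data
        glue = t in ("A", "AAAA") and o in ns_hosts
        at_cut = o in cuts and t in CUT_OK
        in_cut = any(o == c or below(o, c) for c in cuts)
        if any(below(o, d) for d in dnames) or (in_cut and not (glue or at_cut)):
            found.add(("c", o, t))
    return sorted(found)

def action(cls, source):
    """Policy proposed in the message; source is file, update, axfr or ixfr."""
    return "accept" if cls == "c" and source in ("update", "axfr", "ixfr") else "reject"

# Constructed sample zone, not taken from the original message.
ZONE = [
    ("www.example.com.", "CNAME", "a.example.com."), ("www.example.com.", "CNAME", "b.example.com."),
    ("www.example.com.", "TXT", "x"), ("sub.example.com.", "NS", "ns1.sub.example.com."),
    ("ns1.sub.example.com.", "A", "192.0.2.1"), ("host.sub.example.com.", "TXT", "hidden"),
    ("d.example.com.", "DNAME", "target.example.net."), ("x.d.example.com.", "A", "192.0.2.2"),
]
FINDINGS = classify("example.com.", ZONE)
```
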