[Opendnssec-develop] trailing dots
Siôn Lloyd
sion at nominet.org.uk
Wed Feb 16 11:50:13 UTC 2011
Morning.
I have a story about dropping trailing dots in domain names.
I'm slightly confused as to where this needs to happen.
For instance; if someone manually edits the zonelist to add a domain with a
trailing dot I don't imagine that we would want to change that? Or do we?
In the worst case they may have 2 zones which are the same apart from a
trailing dot... Currently the enforcer will see these as 2 separate zones and
create 2 sets of keys for them etc... In the post-dot-removed world the
behaviour might be screwed.
So should I just remove trailing dots from any ksmutil command that references
a zone? Do we need a migration script?
Sion
More information about the Opendnssec-develop
mailing list