[Opendnssec-develop] trailing dots

Siôn Lloyd sion at nominet.org.uk
Wed Feb 16 11:50:13 UTC 2011


Morning.

I have a story about dropping trailing dots in domain names.

I'm slightly confused as to where this needs to happen.

For instance; if someone manually edits the zonelist to add a domain with a 
trailing dot I don't imagine that we would want to change that? Or do we?

In the worst case they may have 2 zones which are the same apart from a 
trailing dot... Currently the enforcer will see these as 2 separate zones and 
create 2 sets of keys for them etc... In the post-dot-removed world the 
behaviour might be screwed.

So should I just remove trailing dots from any ksmutil command that references 
a zone? Do we need a migration script?

Sion



More information about the Opendnssec-develop mailing list