[Opendnssec-develop] Trailing dot in enforcer

Siôn Lloyd sion at nominet.org.uk
Wed Mar 2 13:46:08 UTC 2011

> > However, if you add "test." directly to zonelist.xml then you will need
> > to use "-z test.". (This is to avoid trashing existing zones which have
> > trailing dots.)
> Is this because currently you could have two different zones in the
> enforcer: "zone" and "zone."? I am not sure if we necessarily have to be
> backwards compatible with this.
> I would like to see that everywhere you make the comparison:
> - "zone" equals "zone"
> - "zone" equals "zone."
> - "zone." equals "zone"
> - "zone." equals "zone."
> In that case, it doesn't matter how you would add them, and the user
> doesn't have to be concerned about being consistent.

It is a backwards compatibility thing.

I had a zone "sion2." in the database and 2 zones "sion2." and "sion2" in the 
zonelist... The import script refuses to import the second instance as they 
now look like the same zone; however, depending on which came first in the 
zonelist I may have already changed the policy that "sion2." was on.

So I decided to be strict with what is in zonelist to be on the safe side. I 
agree that it is not perfect.


More information about the Opendnssec-develop mailing list