[Opendnssec-develop] Trailing dot in enforcer
Siôn Lloyd
sion at nominet.org.uk
Wed Mar 2 13:46:08 UTC 2011
> > However, if you add "test." directly to zonelist.xml then you will need
> > to use "-z test.". (This is to avoid trashing existing zones which have
> > trailing dots.)
>
> Is this because currently you could have two different zones in the
> enforcer: "zone" and "zone."? I am not sure if we necessarily have to be
> backwards compatible with this.
>
> I would like to see that everywhere you make the comparison:
> - "zone" equals "zone"
> - "zone" equals "zone."
> - "zone." equals "zone"
> - "zone." equals "zone."
>
> In that case, it doesn't matter how you would add them, and the user
> doesn't have to be concerned about being consistent.
It is a backwards compatibility thing.
I had a zone "sion2." in the database and 2 zones "sion2." and "sion2" in the
zonelist... The import script refuses to import the second instance as they
now look like the same zone; however, depending on which came first in the
zonelist I may have already changed the policy that "sion2." was on.
So I decided to be strict with what is in zonelist to be on the safe side. I
agree that it is not perfect.
Sion
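
An added example, not part of the original message and not OpenDNSSEC code: a pre-import check that applies the four comparisons listed in the quoted text and flags zonelist entries that collapse to the same zone, including the case above where the two spellings carry different policies. The sample zonelist is constructed; the policy names and the helper names (canonical, find_collisions, policy_conflicts) are assumptions for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in the zonelist.xml layout (zone names taken from the
# thread, policy names invented for illustration).
SAMPLE_ZONELIST = """<ZoneList>
  <Zone name="sion2."><Policy>default</Policy></Zone>
  <Zone name="test"><Policy>default</Policy></Zone>
  <Zone name="sion2"><Policy>lab</Policy></Zone>
</ZoneList>"""


def canonical(name):
    """Comparison key: "zone" and "zone." are equal; the root "." stays "."."""
    name = name.strip()
    if name != "." and name.endswith("."):
        name = name[:-1]
    # DNS names compare case-insensitively, so fold case as well.
    return name.lower()


def find_collisions(zonelist_xml):
    """Map each canonical name that occurs more than once to its entries,
    as (name as written, policy) tuples in file order."""
    seen = defaultdict(list)
    for zone in ET.fromstring(zonelist_xml).iter("Zone"):
        written = zone.get("name", "")
        policy = (zone.findtext("Policy") or "").strip()
        seen[canonical(written)].append((written, policy))
    return {key: entries for key, entries in seen.items() if len(entries) > 1}


def policy_conflicts(zonelist_xml):
    """Collisions whose entries disagree on policy: the case where the
    outcome of an import depends on which entry came first."""
    return {key: entries
            for key, entries in find_collisions(zonelist_xml).items()
            if len({policy for _, policy in entries}) > 1}


if __name__ == "__main__":
    for key, entries in policy_conflicts(SAMPLE_ZONELIST).items():
        print("ambiguous zone %r: %r" % (key, entries))
```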