[Opendnssec-user] Why XML?

Jakob Schlyter jakob at kirei.se
Wed May 22 13:11:51 UTC 2013

On 22 May 2013, at 15:07, Fredrik Pettai <pettai at nordu.net> wrote:

> One thing that struck me while having a discussion about different formats, is why OpenDNSSEC has its configuration files in the XML format? I understood that (at least one of) the design idea(s) behind it, was that other provision systems that use OpenDNSSEC as a backend should be able to generate/rewrite configuration to OpenDNSSEC. Is that a reality today, or was it just a pipe dream? :-)

Yes, there are systems today that generated XML for OpenDNSSEC. XML is also used for enforcer/signer interaction, and using the same syntax for all files made sense. We could have used JSON, but then syntax checking would have been less strict.

> As an OpenDNSSEC user, the configuration is unnecessarily filled with (too) much information, making it less readable. As a package maintainer, having to depend on libxml2 is not something that is positive, due to all security vulnerabilities that come with libxml2.

No XML files that OpenDNSSEC uses should be writable by non-admins, so any security issues with libxml2 are, IMHO, moot in this context.

> I do understand that it would take time that could be spent on other things to rewrite this, and I wouldn't suggest that this should be on the roadmap for OpenDNSSEC 1.x. But maybe OpenDNSSEC 2.x could add support for less complicated configuration syntax?

Changing the configuration file format is not on the roadmap for 2.0, but we will look into this for future releases.

Not starting the my-favorite-config-file-format war, but what would you recommend us to look at in the future?
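
One way to check the precondition stated in the reply above (the XML files are writable only by admins), including the parent directories through which a file could be replaced. This is an added example, not part of the original message or of OpenDNSSEC's code; the function names, the `example.xml` tree and the admin uid/gid sets are assumptions.

```python
import os
import stat
import tempfile

def audit_write_access(path, stop_at, admin_uids, admin_gids):
    """Audit `path` and each parent directory up to `stop_at`.

    Returns (path, reason) tuples for every place where an account outside
    the admin sets could modify or replace the file.
    """
    findings = []
    current = os.path.realpath(path)      # audit the real file, not a symlink
    stop_at = os.path.realpath(stop_at)
    while True:
        st = os.stat(current)
        if st.st_uid not in admin_uids:
            findings.append((current, "owned by non-admin uid %d" % st.st_uid))
        if st.st_mode & stat.S_IWGRP and st.st_gid not in admin_gids:
            findings.append((current, "writable by non-admin gid %d" % st.st_gid))
        if st.st_mode & stat.S_IWOTH:
            findings.append((current, "world-writable"))
        parent = os.path.dirname(current)
        if current == stop_at or parent == current:
            break
        # A writable parent directory lets the file be renamed and replaced.
        current = parent
    return findings

def build_demo_tree():
    """Constructed sample: a config dir holding one XML file (placeholder names)."""
    root = tempfile.mkdtemp()
    conf_dir = os.path.join(root, "conf")
    os.mkdir(conf_dir)
    os.chmod(conf_dir, 0o755)
    conf_file = os.path.join(conf_dir, "example.xml")
    with open(conf_file, "w") as fh:
        fh.write("<Example/>\n")
    os.chmod(conf_file, 0o644)
    return root, conf_dir, conf_file

if __name__ == "__main__":
    root, conf_dir, conf_file = build_demo_tree()
    admins = {os.getuid()}                # assumption: the demo user is the admin
    os.chmod(conf_dir, 0o777)             # weak setting: anyone can replace the file
    for where, why in audit_write_access(conf_file, root, admins, set()):
        print(where + ": " + why)
```

On a real host, `stop_at` would be `/` and the admin sets would hold the uids and gids allowed to administer the signer.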

