[Opendnssec-user] Why XML?

Fredrik Pettai pettai at nordu.net
Wed May 22 13:28:49 UTC 2013

On May 22, 2013, at 15:11 , Jakob Schlyter <jakob at kirei.se> wrote:
> On 22 maj 2013, at 15:07, Fredrik Pettai <pettai at nordu.net> wrote:
>> One thing that struck me while having a discussion about different formats, is why OpenDNSSEC has it's configuration files in the XML format? I understood that (at least one of) the design idea(s) behind it, was that other provision systems that use OpenDNSSEC as a backend should be able to generate/rewrite configuration to OpenDNSSEC. Is that a reality today, or was it just a pipe dream? :-)
> Yes, there are systems today that generated XML for OpenDNSSEC. XML is also used for enforcer/signer interaction, and using the same syntax for all files made sense. We could have used JSON, but then syntax checking would have been less strict.
>> As an OpenDNSSEC user, the configuration is unnecessarily filled with (too) much information, making it less readable. As a package maintainer, having to depend on libxml2 is not something that is positive, due to all security vulnerabilities that comes with libxml2.
> No XML files that OpenDNSSEC use should be writable by non-admins, so any security issues with libxml2 are, IMHO, moot in this context.

Sure, but you still have to install it, update and patch it...

>> I do understand that it would take time that could be spent on other things to rewrite this, and I wouldn't suggest that this should be on the roadmap for OpenDNSSEC 1.x. But maybe OpenDNSSEC 2.x could add support for less complicated configuration syntax?
> Changing the configuration file format is not on the roadmap for 2.0, but we will look into this for future releases.
> Not starting the my-favorite-config-file-format war, but what would you recommend us to look at in the future?

Just key value format, without the XML type definitions…


More information about the Opendnssec-user mailing list