Request for review - PR bin/127951: spurious warning against DNAME RRs
Eugene M. Kim
20080111.freebsd.org at ab.ote.we.lv
Tue Sep 23 21:08:51 UTC 2008
Greetings,

I just submitted a very simple PR/patch -
http://www.freebsd.org/cgi/query-pr.cgi?pr=127591 - which fixes spurious
but annoying warnings against DNAME RRs (annoying because they spam
syslog at auth.notice level).

The patch should not cause any regression, because it just suppresses
the warning without altering any other control flow, but I am not
entirely sure if there is a valid case where DNAMEs should trigger a
strong security warning just as they currently do.

Could someone please review and/or take care of this PR?

Cheers,
Eugene

P.S. A bit of background information, for those who are not familiar
with the subject:

DNAME RRs, as defined in RFC 2672, provide a useful mechanism for
mapping/aliasing an entire DNS tree. For (a real) example, given a
primary domain "the-7.net" and a number of secondary domains such as
the-7.com, the-7.org, the-seven.net and so on, instead of having to add
CNAMEs for "www", "mail" and other subdomains to every single secondary
domain, one can simply add "IN DNAME the-7.net." to the zone apex of
those secondary domains, and the DNS server will take care of all
possible - current /and/ future - subdomains automatically, by returning
a synthesized CNAME:
$ dig www.the-7.com IN A +noall +answer
; <<>> DiG 9.4.2-P1 <<>> www.the-7.com IN A +noall +answer
;; global options: printcmd
the-7.com. 300 IN DNAME the-7.net.
www.the-7.com. 0 IN CNAME www.the-7.net.
www.the-7.net. 300 IN CNAME purple.the-7.net.
purple.the-7.net. 300 IN A 64.71.156.34
$
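
The DNAME substitution described in the P.S., as an added example that is not part of the original message or of the submitted patch: it computes the CNAME that RFC 2672 synthesis yields and checks that every record in the quoted dig answer is explained by the alias chain. The function names (synthesize_cname, parse, follow) are hypothetical; the records are the ones from the dig output above.

```python
# Added example: RFC 2672 DNAME substitution and an answer-chain check.
# ANSWER is the dig answer section quoted in the message above.
ANSWER = """\
the-7.com. 300 IN DNAME the-7.net.
www.the-7.com. 0 IN CNAME www.the-7.net.
www.the-7.net. 300 IN CNAME purple.the-7.net.
purple.the-7.net. 300 IN A 64.71.156.34
"""

def labels(name):
    """Lower-cased label list of an absolute name, root dot removed."""
    return name.rstrip(".").lower().split(".")

def synthesize_cname(qname, owner, target):
    """Return the CNAME target a DNAME at `owner` yields for `qname`,
    or None when qname is not strictly below owner (the owner name
    itself is not redirected)."""
    q, o = labels(qname), labels(owner)
    if len(q) <= len(o) or q[-len(o):] != o:
        return None
    return ".".join(q[:-len(o)] + labels(target)) + "."

def parse(text):
    """Parse 'owner ttl class type rdata' lines into (owner, type, rdata)."""
    return [(o.lower(), t, r) for o, _ttl, _cls, t, r in
            (line.split() for line in text.splitlines() if line.strip())]

def follow(qname, records, max_hops=8):
    """Follow CNAMEs from qname; return (addresses, unexplained RRs).
    A DNAME RR counts as explained when it justifies a CNAME in the chain."""
    name, used = qname.lower(), set()
    for _ in range(max_hops):
        cname = next((r for r in records
                      if r[0] == name and r[1] == "CNAME"), None)
        if cname is None:
            break
        used.add(cname)
        for d in (r for r in records if r[1] == "DNAME"):
            if synthesize_cname(name, d[0], d[2]) == cname[2].lower():
                used.add(d)
        name = cname[2].lower()
    addrs = [r for r in records if r[0] == name and r[1] == "A"]
    used.update(addrs)
    return [r[2] for r in addrs], [r for r in records if r not in used]
```
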
More information about the freebsd-net mailing list