Re: [Freeipa-devel] [PATCHES 0109-0110] DNS: fix DS record validation

Petr Spacek Tue, 02 Sep 2014 08:17:31 -0700

On 20.8.2014 19:26, Martin Basti wrote:

Part of DNSSEC
Patches attached.


NACK

# ipa dnsrecord-add ipa.example. ds '--ds-rec=1 2 3 4'

ipa: ERROR: invalid 'dsrecord': DS record requires to coexist with an NSrecord (RFC 4529, section 4.6)


RFC number is incorrect. IMHO it should also reference 'RFC 4035 section 2.4'.

Also, there is one hole:
Current code allows you to add DS RR to existing NS and then to remove NS.

Let me know if adding a check to -del is too hard, maybe we can live without 
it...

--
Petr^2 Spacek

_______________________________________________
Freeipa-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCHES 0109-0110] DNS: fix DS record validation

Reply via email to