Please remember to reply to the mailing list, not the original sender:
http://gnudip2.sourceforge.net/#mailinglist
+++++++++
OK. You have sold me.
I had second thoughts about the idea of rechecking the IP for MX names
repeatedly as soon as I pressed "send". It would turn the GnuDIP server
into a potential unintentional DOS attack program. I have tried hard to
make it hard to do an unintentional DOS attck using the client, but here
I was suggesting adding such a feature to the server!!
The important point here to me is that the problem gets passed back all
the way to the end user. The end user has to provide an IP address. So
if they want to make a reciprocal agreement with a friend who also has a
dynamic IP address, they are out of luck.
Note that the "validip" routine does not just check the format of the IP
address. It checks to see if the set of addresses that can be registered
is limited, and if so it checks whether this address is one of them. We
would need a simpler routine to just check the format of an IP address.
Perhaps I should have called ny routine something a bit more decriptive,
like "acceptableIP". We can rename it if you like, so that "validip" is
just a format check.
Are there any adddresses that are not acceptable to tinydns-data? If so,
these must also be screened out ("validtinydnsIP"?). Otherwise if
someone enters one of these, the reload will fail (?) from then on,
affecting all users?
Also, instead of "$$conf{'TINYDNS'}", how about "$$conf{'tinydns'}"?
Also, as I did for the "nsupdate" configuration parameter, I have tried
to have a global and a domain version. So how about a check for
``$$conf{'tinydns'} or $$conf{"tinydns.$$userinfo{'domain'}"}''?
===
Are you interested in making these changes yourself? Or would you like
me to? It would be nice to have someone else around who could help
support GnuDIP. If you are interested, you should make quite certain you
have the latest version. I have developed a bad habit of making small
fixes without bumping up the version number.
Thilo Bangert wrote:
>
> i'd still rather patch gnudip. my estimate is that it would be a
> three-liner... well almost
> doreq.pm:
>
> 828,834c828
> < if ( $$conf{'TINYDNS'} eq 'YES' ) {
> < if ( validip($$reqparm{'new_MXvalue'}) != 1 ) {
> < $$reqparm{'new_MXvalue'} = 0 ;
> < }
> < } else {
> < $$reqparm{'new_MXvalue'} =
> validdomain($$reqparm{'new_MXvalue'});
> < }
> ---
> > $$reqparm{'new_MXvalue'} = validdomain($$reqparm{'new_MXvalue'});
>
> works for me, but i'll test that further...
>
> > I could add the lookup to gdiptinydns.pl without a lot of work. I
> > could also add a "back end" option that would allow one to specify a
> > maximum time between reloads, so that a reload would get done at
> > intervals, and pick up MX address changes.
> >
> > Let me know.
>
> this would make sense, but i still think patching gnudip is alot better
> and alot more tinydns like, because it lets you use gnudip + tinydns
> the way tinydns is meant. people using tinydns will be very aware of
> the implications mx and ns records have (CNAME also)...
>
> i don't know
--
Creighton MacDonnell
http://macdonnell.ca/
--
GnuDIP Mailing List
http://gnudip2.sourceforge.net/#mailinglist
