On Thu, 14 Aug 2014 08:45:16 -0400 chas williams - CONTRACTOR <[email protected]> wrote:
> On Wed, 13 Aug 2014 22:26:36 -0500 > Andrew Deason <[email protected]> wrote: > > > This generally sounds reasonable to me. But I think you want to just > > require a dot if the name doesn't exist in the csdb at all, so you can > > just put it in the local csdb if you want to use it, without needing to > > alias it to a full cell name. (This may have been mentioned earlier, but > > I don't see it here.) I'd call such an option -afsdb-ndots, which would > > set the minimum number of dots (like resolv.conf's "option ndots"). > > I would probably prefer to have a whitelist of some sort that would > support regular expressions. You could then do something stupid like > require entries to have atleast a single . and end in one of the more > common domain suffixes. I prefer a blacklist, because I'd rather err on the side allowing too many entries than restricting too many. I imagined this would be a list set by e.g. Linux distribution packaging, to reduce the 'out of the box' experience of things hanging. But if you restrict too much, someone's cell in a DNS TLD you've never heard of (maybe it doesn't exist right now) stops working for seemingly strange (to them) reasons. But it's sounding like maybe it's better to get by without either a whitelist or blacklist. Improving the caching means this would work more 'automatically' and with fewer additional configuration directives, etc. -- Andrew Deason [email protected] _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
