From: Julian Elischer
Date: Tue, 23 Sep 2008 16:06:39 -0700
To: "Eugene M. Kim" <20080111.freebsd.org@ab.ote.we.lv>
Cc: freebsd-net@freebsd.org
Subject: Re: Request for review - PR bin/127951: spurious warning against DNAME RRs
Message-ID: <48D9767F.2080207@elischer.org>
In-Reply-To: <48D95AD7.2070604@ab.ote.we.lv>

Eugene M. Kim wrote:
> Greetings,
>
> I just submitted a very simple PR/patch -
> http://www.freebsd.org/cgi/query-pr.cgi?pr=127591 - which fixes spurious
> but annoying warnings against DNAME RRs (annoying because they spam
> syslog at auth.notice level).
>
> The patch should not cause any regression, because it just suppresses
> the warning without altering any other control flow, but I am not
> entirely sure if there is a valid case where DNAMEs should trigger a
> strong security warning just as they currently do.
>
> Could someone please review and/or take care of this PR?
>
> Cheers,
> Eugene
>
> P.S. A bit of background information, for those who are not familiar
> with the subject:
>
> DNAME RRs, as defined in RFC 2672, provide a useful mechanism for
> mapping/aliasing an entire DNS tree. For (a real) example, given a
> primary domain "the-7.net" and a number of secondary domains such as
> the-7.com, the-7.org, the-seven.net and so on, instead of having to add
> CNAMEs for "www", "mail" and other subdomains to every single secondary
> domain, one can simply add "IN DNAME the-7.net." to the zone apex of
> those secondary domains, and the DNS server will take care of all
> possible - current /and/ future - subdomains automatically, by returning
> a synthesized CNAME:
>
> $ dig www.the-7.com IN A +noall +answer

sigh, another DNS RR I have to add support for at $WORK..

>
> ; <<>> DiG 9.4.2-P1 <<>> www.the-7.com IN A +noall +answer
> ;; global options: printcmd
> the-7.com. 300 IN DNAME the-7.net.
> www.the-7.com. 0 IN CNAME www.the-7.net.
> www.the-7.net. 300 IN CNAME purple.the-7.net.
> purple.the-7.net. 300 IN A 64.71.156.34
> $
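
The DNAME substitution described in the quoted background, as an added example that is not part of this thread or of the FreeBSD patch: it derives the CNAME that RFC 2672 requires for a query name and checks that every CNAME in an answer agrees with a DNAME in the same answer, which is the condition under which a resolver can accept the rewritten name without warning. The names `synthesize`, `check_answer` and `ANSWER` are hypothetical, the sample is retyped from the quoted dig output, and names are assumed to contain no escaped dots.

```python
# Added illustration (not from the thread or the FreeBSD patch): RFC 2672
# DNAME substitution and a consistency check on the synthesized CNAME.

# Constructed sample: the answer section shown in the quoted dig output.
ANSWER = """\
the-7.com. 300 IN DNAME the-7.net.
www.the-7.com. 0 IN CNAME www.the-7.net.
www.the-7.net. 300 IN CNAME purple.the-7.net.
purple.the-7.net. 300 IN A 64.71.156.34
"""

def labels(name):
    """Split a presentation-format name into lowercase labels (root = [])."""
    name = name.rstrip(".").lower()
    return name.split(".") if name else []

def synthesize(qname, owner, target):
    """Return the CNAME target a DNAME at `owner` yields for `qname`,
    or None when the DNAME does not apply."""
    q, o, t = labels(qname), labels(owner), labels(target)
    # DNAME redirects only names strictly below its owner, matched label by
    # label: the owner itself and look-alikes such as "xthe-7.com" are exempt.
    if len(q) <= len(o) or q[len(q) - len(o):] != o:
        return None
    new = q[:len(q) - len(o)] + t
    # Wire length: one length octet per label plus the root octet.
    if sum(len(l) + 1 for l in new) + 1 > 255:
        raise ValueError("substituted name exceeds 255 octets")
    return ".".join(new) + "."

def check_answer(text):
    """Return the CNAMEs that disagree with a DNAME in the same answer,
    as (owner, cname_target, expected_target) tuples."""
    rrs = [line.split() for line in text.splitlines() if line.strip()]
    dnames = [(r[0], r[4]) for r in rrs if r[3] == "DNAME"]
    bad = []
    for r in rrs:
        if r[3] != "CNAME":
            continue
        for owner, target in dnames:
            want = synthesize(r[0], owner, target)
            if want is not None and labels(want) != labels(r[4]):
                bad.append((r[0], r[4], want))
    return bad
```

An empty list from `check_answer` means each CNAME under a DNAME owner is exactly the substituted name; a non-empty list is the case that still deserves a log entry.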