New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Drop root-server configuration option #276
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks like this would enable use of packaged versions, without needing a recompile. The new option is implemented with code in all the places it needs to.
dbaccess.c
Outdated
#ifdef ROOT_SERVER | ||
root_server = nsd->options ? nsd->options->root_server : 1; | ||
#else | ||
root_server = nsd->options ? nsd->options->root_server : 0; | ||
#endif |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Having the define to allow root-server by default makes sense.
The define here seems to be only for when nsd.options is NULL. This only happens during the unit test. So, it does not set the default here, but only the value used during unit tests. Perhaps it is cleaner to say so in a comment, or no have the if on nsd.options NULL or not, and instead make changes in the unit tests to set the value. tpkg/cutest/cutest_namedb.c:90 in create_and_read_db. nsd.options = opt;
tpkg/cutest/cutest_iter.c:56 in create_zone, nsd.options = options;
And then also set nsd.options->root_server = 1; if it needs to be enabled for the unit test.
So, in that case, the code turns into ifdef ROOT_SERVER root_server = 1; else root_server = nsd->options->root_server; endif. Or am I missing the intent of the code and ifdef and NULL checks?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also in tpks/cutest/qtest.c:75 nsd->options->root_server=1; could be useful for the unit test. Or edit the files tpkg/cutest_qroot.tdir/root.conf root2.conf and unsigned.conf to set the option. If test modifications is a good solution here these places may also need modification.
nsd-checkzone.c
Outdated
@@ -80,7 +80,7 @@ check_zone(struct nsd* nsd, const char* name, const char* fname, FILE *out, | |||
} | |||
|
|||
/* read the zone */ | |||
errors = zonec_read(name, fname, zone); | |||
errors = zonec_read(name, fname, zone, nsd->options->root_server); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The value of nsd->options->root_server here is the default. The nsd.conf file has not been read in. For the user with a root zone that tries to nsd-checkzone the root.zone file, that would fail if they used the nsd.conf root-server: yes option. Because the default of no is from the options allocation routine, and the config file is not read at this point. It would need to read the config file to have that option, but this may also not be desirable, because of all the other stuff that can be in a config file, or maybe add a commandline option to set root-server value to nsd-checkzone.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Perhaps a simple nsd->options->root_server = 1; could suffice here. The operator with a wrongly configured root zone can be told the configuration does not work from the nsd-checkconf utility, or when the server starts. The zone file itself, can be just fine, and when checked produce no error by itself.
verify.c
Outdated
@@ -112,11 +112,11 @@ static inline size_t print_line(struct verifier_stream *stream, int eof) | |||
return 0; | |||
|
|||
if (len > LOGLINELEN) { | |||
fmt = stream->cut ? ".. %.*s .." : "%.*s .."; | |||
fmt = stream->cut ? "verifier: .. %.*s .." : "%.*s .."; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This seems to be from a different issue. Code looks fine, by the way.
I wrote in #275 that the |
If you can present an actual case of misconfiguration by an operator, leading to actual problems, I'd be willing to consider leaving this option in. Without such a case, and the mere theoretical danger foreseen by someone, is not enough to maintain this option. |
Name servers like BIND are going down the path of less code, less complexity and leanness, and here we have an example of more code and more complexity. It really feels wrong. |
Hi @anandb-ripencc. The option is to prevent people used to BIND from configuring a hints zone and thereby unintentionally serve a hint version of the root zone. Since this option has been there from the start, it'd make sense you did not see any issues pop up 🙂 For me personally, it's hard to state whether or not the option has actually prevented issues in the past or will help prevent them in the future. But, IMHO this is not the type of option that makes everything super complex or introduce bugs. Of course, your claim may still be valid. @wtoorop, @wcawijngaards any thoughts? |
I think that implementing the options that Anand likes, is a good idea, because it is a feature for a root server, and RIPE is a root operator. But in addition, one of the failures is loading a root.hints file in a root zone, something that is prevented by a parse failure due to a lack of a SOA record. It is trying to be idiot proof, and this is not really meant for Anand, but for mistakes by other users, but I have no examples of these mistakes; people porting BIND config files and adding root zones; but then Anand says those software configs do not have the problem, so maybe it is not a problem or no longer perceived as such a problem. |
I didn't think of the "parse error" angle. If the file cannot be loaded to begin with, I think it makes sense to simply remove the option(s) and instead add a test (if it's not already there) to verify a hints file cannot be loaded(?) |
The change doesn't introduce any real or new complexity into the code, and it is the most conservative, most backwards compatible way to deal with the request (The default of the option is yes when That said, I'm also just fine with only changing the default value of the |
I would like to maintain my view that the @wcawijngaards has already pointed out that the one possible scenario where users might get it wrong is the case of loading I am also unhappy about that idea that a new option in So I would still like to argue for dropping this |
@bjovereinder what do you think of this discussion? I know you're neither a developer, nor an end user, but do you see my point? |
For what it's worth, I do see your point @anandb-ripencc and I agree that the option would be confusing. So it looks to me we're all fine with dropping it (Jeroen was already suggesting that, and I also stated that I wouldn't mind). |
Hi Anand,
Thanks. Jeroen was already updating the PR that largely covered your concerns, with attention on backward compatibility. -- Benno |
Updated according to comments. @wcawijngaards, can you have a quick look to see if you agree with the changes? |
It looks okay to me. |
Fixes #275.