Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

API: prevent duplicate records in single RRset #4195

Merged
merged 2 commits into from Aug 21, 2017
Merged

API: prevent duplicate records in single RRset #4195

merged 2 commits into from Aug 21, 2017

Conversation

zeha
Copy link
Collaborator

@zeha zeha commented Jul 15, 2016
edited

  • read the CONTRIBUTING.md document
  • compiled and tested this code
  • included documentation (including possible behaviour changes)
  • documented the code
  • added regression tests
  • added unit tests

@zeha zeha added the auth label Jul 15, 2016
@zeha zeha added this to the auth-4.1.0 milestone Aug 27, 2016
@zeha
Copy link
Collaborator Author

zeha commented Aug 27, 2016

Somebody please review this.

@pieterlexis
Copy link
Contributor

looks good to me, please rebase 👍

@skfigved skfigved mentioned this pull request Sep 19, 2016
Closed
@tuxis-ie
Copy link
Contributor

May I please object? Although this might be technically correct, it is not very userfriendly. When importing a zone from another setup, I would just like to AXFR the zone, copy paste it into nsedit and be done with it. If I choose not to send an array with nameservers, just use the nameservers that are already in the zone, or b0rk. If I however do send an array with nameservers, override the nameservers in the zone.

If you b0rk on nameservers in the array and in the zone, you are forcing users to first review the whole zone before they are able to import.

So please reconsider this.

@zeha
Copy link
Collaborator Author

zeha commented Sep 19, 2016

@tuxis-ie This would imply the outcome of sending conflicting data is a silent loss of either data. If you want a fallback, client code can handle this. (Either by looking at the data before sending, or by sending 'replace NS' afterwards.)

@zeha zeha force-pushed the api-nameservers-or-ns-rrset branch from 06f76c5 to 8b3d29a Compare September 19, 2016 13:54
@zeha
Copy link
Collaborator Author

zeha commented Sep 19, 2016

@pieterlexis rebased.

@zeha zeha force-pushed the api-nameservers-or-ns-rrset branch from 8b3d29a to 3443eaf Compare October 24, 2016 22:36
@zeha
Copy link
Collaborator Author

zeha commented Oct 24, 2016

Rebased once more.

mind04
mind04 reviewed Oct 25, 2016
View reviewed changes
pdns/ws-auth.cc Outdated
static void checkDuplicateRecords(vector<DNSResourceRecord>& records) {
sort(records.begin(), records.end(),
[](const DNSResourceRecord& rec_a, const DNSResourceRecord& rec_b) -> bool {
return rec_a.qname.toString() > rec_b.qname.toString() || rec_a.qtype.getCode() > rec_b.qtype.getCode();
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Content must be part of the sorting, without it there is no guarantee duplicates are sequential if there are 3 or more records with the same "name type" Could use a test.
Is qname always lower case here?

@zeha zeha mentioned this pull request Dec 8, 2016
Merged
6 tasks
@zeha zeha force-pushed the api-nameservers-or-ns-rrset branch from 3443eaf to b391583 Compare December 8, 2016 17:05
@zeha
API test: stop binding pdns_server to ::
8f9f649 
Avoids firewall warning on OS X, and is generally good.
@zeha zeha force-pushed the api-nameservers-or-ns-rrset branch from b391583 to 85aba43 Compare July 23, 2017 13:37
@zeha
API: prevent duplicate records in single RRset
e3675a8 
If a zone already had duplicates, we do nothing to them
(for now).
@zeha zeha force-pushed the api-nameservers-or-ns-rrset branch from 85aba43 to e3675a8 Compare July 24, 2017 10:07
@zeha
Copy link
Collaborator Author

zeha commented Jul 24, 2017

Worked in review feedback + rebased.

Habbie
Habbie approved these changes Aug 14, 2017
View reviewed changes
Copy link
Member

@Habbie Habbie left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved, even if the answer to my one question is no.

pdns/ws-auth.cc
[](const DNSResourceRecord& rec_a, const DNSResourceRecord& rec_b) -> bool {
return rec_a.qname.toString() > rec_b.qname.toString() || \
rec_a.qtype.getCode() > rec_b.qtype.getCode() || \
rec_a.content < rec_b.content;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Has content been canonicalized at this point?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes!

@Habbie Habbie merged commit 3ad168a into PowerDNS:master Aug 21, 2017
@zeha zeha deleted the api-nameservers-or-ns-rrset branch January 29, 2018 17:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mind04 mind04 mind04 left review comments

@Habbie Habbie Habbie approved these changes

Assignees
No one assigned
Labels
auth enhancement needs review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@zeha @pieterlexis @tuxis-ie @Habbie @mind04 @rgacogne