From: Kees Monshouwer Date: Mon, 18 Jul 2022 12:17:01 +0000 (+0200) Subject: auth: review sugestions X-Git-Tag: auth-4.8.0-alpha0~7^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=139eff517801e3c60be10b439b7b1414138807ec;p=thirdparty%2Fpdns.git auth: review sugestions --- diff --git a/docs/catalog.rst b/docs/catalog.rst index 36677ef9c0..eb930a3d11 100644 --- a/docs/catalog.rst +++ b/docs/catalog.rst @@ -1,5 +1,5 @@ -Catalog Zone (RFC TBD) -======================= +Catalog Zones (RFC TBD) +======================== Starting with the PowerDNS Authoritative Server 4.7.0, catalog zone support is available. @@ -9,17 +9,19 @@ Supported catalog versions +-----------------+----------+----------+ | Catalog version | Producer | Consumer | +=================+==========+==========+ -| 1 (ICS) | No | Yes | +| 1 (ISC) | No | Yes | +-----------------+----------+----------+ | 2 (RFC TBD) | Yes | Yes | +-----------------+----------+----------+ -All all the important features of catalog zone version "2" are supported. There are however a few properties where support is limited: +All the important features of catalog zones version "2" are supported. +There are however a few properties where support is limited: - There is no support for group templates on consumers; - There is no support for custom extensions; -The implementation requires the backend to support a number of new operations. Currently, the following backends have been modified to support catalog zones: +The implementation requires the backend to support a number of new operations. +Currently, the following backends have been modified to support catalog zones: - :doc:`gmysql ` - :doc:`gpgsql ` 
@@ -44,10 +46,12 @@ It is highly recommended to protect catalog zones with :doc:`TSIG <../tsig>` CATALOG-HASH ~~~~~~~~~~~~ -Producer zones are storing the member state as a hash in this metadata setting. This setting is managed by the authoritative server. Modify or deleting this value will result in a serial increase of the producer zone and the update or recreation of this value. +Producer zones store the member state as a hash in this metadata setting. +This setting is managed by the authoritative server. +Modifying or deleting this value will result in a serial increase of the producer zone and the update or recreation of this value. -Setup Catalog Zones -------------------- +Setting up catalog zones +------------------------ .. note:: Catalog zone specification and operation is described in `DNS Catalog Zones `__. @@ -55,9 +59,11 @@ Setup Catalog Zones Setting up a producer zone ~~~~~~~~~~~~~~~~~~~~~~~~~~ -Setting up a producer zone is not very different from a regular primary zone. A producer zone is a minimal zone of type CONSUMER with only SOA and NS records at apex. All the records in a producer zone are ignored while generating a catalog. +Setting up a producer zone is not very different from a regular primary zone. +A producer zone is a minimal zone of type PRODUCER with only SOA and NS records at apex. +All the records in a producer zone are ignored while generating a catalog. -A initial producer zone may look like this: +An initial producer zone may look like this: :: 
@@ -72,7 +78,9 @@ A initial producer zone may look like this: @ IN NS ns1.zone.invalid. -An interesting detail is the serial. Since the serial of a producer zone is automatically updated, it is important for the initial serial to be equal or lower than epoch. This serial is increased to EPOCH after each relevant member update. +An interesting detail is the serial. +Since the serial of a producer zone is automatically updated, it is important for the initial serial to be equal or lower than epoch. +This serial is increased to EPOCH after each relevant member update. Create a producer zone: @@ -86,7 +94,8 @@ Creating producer zones is supported in the :doc:`API `. Assigning members to a producer zone ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -After the producer zone is created it is necessary to assign member zone to it. In the example below example.com is the member and catalog.invalid is the catalog. +After the producer zone is created it is necessary to assign member zones to it. +In the example below ``example.com`` is the member and ``catalog.invalid`` is the catalog. .. code-block:: shell @@ -94,7 +103,8 @@ After the producer zone is created it is necessary to assign member zone to it. Setting catalog values is supported in the :doc:`API `. -Each member zone may have one or more additional properties. PowerDNS supports the flowing properties: +Each member zone may have one or more additional properties. +PowerDNS supports the flowing properties: - coo - A single DNSName - group - Multiple string values for group are allowed 
@@ -104,18 +114,21 @@ Each member zone may have one or more additional properties. PowerDNS supports t pdnsutil set-option example.com producer coo other-catalog.invalid pdnsutil set-option example.com producer group pdns-group-x pdns-group-y -There is also an option to set a specific value for a zone this is done by setting a the `unique` value. This is used to signal a state reset to the consumer. The value u unique is a single dns label. +There is also an option to set a specific value for a zone. This is done by setting a the ``unique`` value. +This is used to signal a state reset to the consumer. +The value for ``unique`` is a single DNS label. .. code-block:: shell pdnsutil --config-dir=. --config-name=gmysql set-option test.com producer unique 123 -Setting options is not yet supported in the API.` +Setting options is not yet supported in the API. Setting up a consumer zone ~~~~~~~~~~~~~~~~~~~~~~~~~~ Setting up a consumer zone on a secondary server is almost identical to a normal secondary zone. +The only difference is the type, which is now set to CONSUMER. .. code-block:: shell diff --git a/pdns/tcpreceiver.cc b/pdns/tcpreceiver.cc index 9eeff00369..da44a93648 100644 --- a/pdns/tcpreceiver.cc +++ b/pdns/tcpreceiver.cc @@ -748,7 +748,7 @@ int TCPNameserver::doAXFR(const DNSName &target, std::unique_ptr& q, zrr.dr.d_name = target; zrr.dr.d_ttl = 0; zrr.dr.d_type = QType::NS; - zrr.dr.d_content = std::make_shared("invalid."); + zrr.dr.d_content = std::make_shared("invalid."); zrrs.emplace_back(zrr); }
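Review bot: In docs/catalog.rst, hunk @@ -72,7 +78,9 @@, the reflowed serial paragraph still writes the same value two ways, "lower than epoch" in one added line and "increased to EPOCH" in the next, and "equal or lower than" is missing "to". Pick one spelling and state what it denotes, so a reader choosing the initial serial knows which value to compare against.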
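Review bot: In docs/catalog.rst, hunk @@ -94,7 +103,8 @@, the added line "PowerDNS supports the flowing properties:" carries over the typo from the line it replaces; it should read "following". Since this hunk already rewrites that sentence, fix it in the same pass.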
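Review bot: In docs/catalog.rst, hunk @@ -104,18 +114,21 @@, the added line "This is done by setting a the ``unique`` value." still has the doubled article "a the"; drop the "a". In the same hunk, the unchanged example uses test.com with --config-dir=. --config-name=gmysql while the other pdnsutil examples use example.com without those flags; aligning it would keep the examples consistent.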
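Review bot: In pdns/tcpreceiver.cc, hunk @@ -748,7 +748,7 @@ in TCPNameserver::doAXFR, the NS record built with d_ttl = 0 and the bare literal "invalid." has no comment explaining why it is synthesised or why that target is used; a one-line comment above the zrr assignments would help. As rendered on this page the removed and added d_content lines read the same, and the commit subject only says "review sugestions", so please describe the code change in the commit message rather than folding it in with the documentation edits.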