Review request: DNS server implementation

simo idra at samba.org
Wed Oct 13 06:01:20 MDT 2010


On Wed, 2010-10-13 at 08:12 +0200, Kai Blin wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On 2010-10-13 00:20, Andrew Bartlett wrote:
> 
> >> 11) samba3 uses libaddns, which is a hand-marshalled DNS client library.
> >> There's currently 1814 lines of code in the *.c files. We can easily
> >> replace this with an IDL-generated library, allowing us to maintain
> >> _that_ particular implementation of DNS in Samba. Given that the storage
> >> backend for the DNS server already exists, all that's left is a pretty
> >> thin layer of code.
> > 
> > I was wondering if for this layer (only) there would be advantages to
> > using unbound?
> > 
> > http://www.unbound.net/documentation/libunbound-tutorial-4.html
> 
> I'm not quite sure I understand your suggestion here. The layer I'm
> talking about is the glue code that translates from the DNS wire format
> to and from the in-LDAP storage format of DNS, which is pretty similar
> but slightly different. (Thank you Microsoft.) For the update code,
> there's some additional sanity checks the server needs to do to return
> the correct error codes. I'm not sure how libunbound, an async DNS
> resolver library, helps here. Or are you suggesting to drop libaddns in
> favour of libunbound? In that case we'd have to check whether libunbound in
> versions available in common distros groks GSSAPI signing of update
> requests.
> 
> >> All in all I'm not convinced that going the BIND route is less work,
> >> pain, or long term maintenance effort.
> > 
> > I shared Simo's view that we didn't want to get into the DNS server
> > game, until I started working with Tridge on this.  I've never even
> > tried to get this working, but from numerous reports this is currently
> > the single most unreliable aspect of our provision and HOWTO.
> 
> Just my point. And we can only test for working setups manually.

You can easily write unit tests for the database code. You don't really
need to test the DNS replies, you outsource that problem to the DNS
server. (that's the point after all, avoid having to maintain code).

You will find out easily enough if something major breaks anyway.

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>


