Review request: DNS server implementation

simo idra at
Thu Oct 14 05:44:07 MDT 2010

On Thu, 2010-10-14 at 16:37 +1100, tridge at wrote:
> Hi Simo,
>  > Yes this is true, it would be best to just accept * and let the gssapi
>  > library find a match within the keys in the keytab.
> To cope with possibly shared keytabs I was planning on using the
> wildcard match code in bind and default it to DNS/*

Unless you store *many* keys in a single keytab it wouldn't be
necessary. Besides I am not sure you can pass DNS/* to GSSAPI.

>  > Or you can collaborate with distros to get the patches in sooner.
>  > That's what we did with bind in Fedora/RHEL. As soon as we knew the
>  > patches would be accepted upstream we added them to the current
>  > distribution.
> There is more to Samba than just Linux distro builds. The range of
> OSes people use is huge, and not all are as approachable about getting
> their basic utilities updated.

Should this really be our problem? Every project has specific
dependencies that you have to meet if you want to use it.
Having to meet dependencies is pretty common nowadays.

> Even with the big distros, how would we get updates for RHEL or SLES
> out quickly? That takes a long time.

You can never get revolutionary updates out that quickly, if ever;
leave the matter to repos like EPEL, or other backports.

> I suspect the total work of making bind do the right thing on all the
> distros we care about may be of a similar magnitude to writing a new
> DNS server, assuming Kai continues to progress as he has.

What we need is to have a clear dependency chain that includes the
version you need. Let the distribution and maintainers do the work of
getting stuff up to date. That's what they do, it's their job.
We just need to make their work possible.


Simo Sorce
Samba Team GPL Compliance Officer <simo at>
Principal Software Engineer at Red Hat, Inc. <simo at>
