DNS TSIG updates need to check ACLs

Kai Blin kai at samba.org
Fri Nov 9 01:48:17 MST 2012

On 2012-11-09 09:17, Stefan (metze) Metzmacher wrote:

Hi Metze,

>> Ok, after looking at a network capture and the code,
>> I think we can fix lib/addns/dnsgss.c to work arround the problem.
>> Please review and push the attached patches.

Yes, that's pretty much what Andriy suggested in September. I'm not
completely happy with that change, because it effectively just hides
that BIND isn't behaving correctly. If we ever ditch libaddns for
something that does a correct check, we'll run into the problem again.

That said, I see the value of fixing this for our users. The patch looks
good to me. If someone else has time to do a proper review of it, feel
free to push it.


Kai Blin
Worldforge developer http://www.worldforge.org/
Wine developer http://wiki.winehq.org/KaiBlin
Samba team member http://www.samba.org/samba/team/

More information about the samba-technical mailing list