DNS TSIG updates need to check ACLs

Kai Blin kai at samba.org
Wed Nov 14 00:05:28 MST 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2012-11-13 17:20, simo wrote:
> Hi Metze, they look good to me, but I thought Kai was going to look
> and ack/nack them given he is the one most involved with DNS
> stuff.

Well, I don't like them, but it's easier to work around the BIND bug
on our side than get every BIND version out there fixed, and arguably
libaddns doesn't ever do anything with the signature.

I'm concerned that we'll regress once we phase out libaddns in favour
of libcli/dns once the gss-tsig logic is also implemented there, but
we'll just have to deal with that when we get there.

There's no value in not making this work for our users.
Cheers,
Kai

- -- 
Kai Blin
Worldforge developer http://www.worldforge.org/
Wine developer http://wiki.winehq.org/KaiBlin
Samba team member http://www.samba.org/samba/team/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlCjQq8ACgkQEKXX/bF2FpSbLgCghikewcdguWLEaQCqi3L62tfN
tswAn0Hhq617TIrz1BYSh1PNBSqrGl8k
=x0mk
-----END PGP SIGNATURE-----

