[Dnssec-trigger] Extracting hot-spot detection and servers probing code into a library
thozza at redhat.com
Wed May 14 14:14:09 UTC 2014
----- Original Message -----
> On 14.5.2014 15:54, Paul Wouters wrote:
> > On 05/14/2014 08:55 AM, Tomas Hozza wrote:
> >> Since we plan to implement NetworkManager DNS plugin for
> >> unbound that would in the end replace dnssec-trigger, it
> >> will have to do the same set of tests as dnssec-trigger
> >> daemon does right now.
> >> We are thinking about extracting the necessary code
> >> dnssec-trigger uses into a separate library. The library
> >> could be then used by the unbound NM plugin. We are also
> >> interested in possibly extending the set of nameservers
> >> tests based on .
> > That would be great!
> >> We are interested in your opinion on this. Would you be
> >> OK with the extraction of the code into a library?
> >> The library could be then distributed as a part of
> >> dnssec-trigger.
> >> 
> >> https://datatracker.ietf.org/doc/draft-ietf-dnsop-dnssec-roadblock-avoidance/
> > Note that I asked a few ccTLD operators for a stable wildcard record for
> > testing the forwarder for the "bad old bind cname/wildcard bug" and
> > CentralNic assisted
> > us and put a stable record in at:
> > *._probe.uk.com. IN CNAME fedoraproject.org.
> > *._probe.us.com. IN CNAME fedoraproject.org.
> > *._probe.cn.com. IN CNAME fedoraproject.org.
> > This can be used for a new test for
> > https://bugzilla.redhat.com/show_bug.cgi?id=1096240
> I think we should:
> - Make test names/records configurable in the library.
> - Deploy own Fedora-sub-tree dedicated to DNS-tests. It can be something like
> dnstest.fedoraproject.org. and put all necessary records there.
> This allows every distributor to build the library with it's own set of
> This avoids single point of failure (from the perspective of all library
> users) and removes dependency on external entity.
I totally agree. We should not hardcode anything in the library if possible!
Software Engineer - EMEA ENG Developer Experience
Red Hat Inc. http://cz.redhat.com
More information about the dnssec-trigger