[Dnssec-trigger] Extracting hot-spot detection and servers probing code into a library

Petr Spacek pspacek at redhat.com
Wed May 14 14:09:54 UTC 2014

On 14.5.2014 15:54, Paul Wouters wrote:
> On 05/14/2014 08:55 AM, Tomas Hozza wrote:
>> Since we plan to implement NetworkManager DNS plugin for
>> unbound that would in the end replace dnssec-trigger, it
>> will have to do the same set of tests as dnssec-trigger
>> daemon does right now.
>> We are thinking about extracting the necessary code
>> dnssec-trigger uses into a separate library. The library
>> could be then used by the unbound NM plugin. We are also
>> interested in possibly extending the set of nameservers
>> tests based on [1].
> That would be great!
>> We are interested in your opinion on this. Would you be
>> OK with the extraction of the code into a library?
>> The library could be then distributed as a part of
>> dnssec-trigger.
>> [1] https://datatracker.ietf.org/doc/draft-ietf-dnsop-dnssec-roadblock-avoidance/
> Note that I asked a few ccTLD operators for a stable wildcard record for testing the forwarder for the "bad old bind cname/wildcard bug" and CentralNic assisted
> us and put a stable record in at:
> *._probe.uk.com. IN CNAME fedoraproject.org.
> *._probe.us.com. IN CNAME fedoraproject.org.
> *._probe.cn.com. IN CNAME fedoraproject.org.
> This can be used for a new test for https://bugzilla.redhat.com/show_bug.cgi?id=1096240

I think we should:
- Make test names/records configurable in the library.
- Deploy own Fedora-sub-tree dedicated to DNS-tests. It can be something like 
dnstest.fedoraproject.org. and put all necessary records there.

This allows every distributor to build the library with it's own set of names. 
This avoids single point of failure (from the perspective of all library 
users) and removes dependency on external entity.

Petr^2 Spacek

More information about the dnssec-trigger mailing list