Group :: Networking/DNS
RPM: dlint
Main Changelog Spec Patches Sources Download Gear Bugs and FR Repocop
dlint1.4.1/ 0000755 0000000 0000000 00000000000 10774026274 0012561 5 ustar 00root root 0000000 0000000 dlint1.4.1/BUGS 0000644 0000000 0000000 00000003627 10774026274 0013254 0 ustar 00root root 0000000 0000000 Known Bugs in Dlint 1.4.1
* Dlint reports error in some cases for when A rec's IP addr doesn't have a
PTR rec pointing back to the exact same name. This is not an error.
It should be a warning, at the most. Maybe make it optionally a warning.
There's many reasons now why people would want to use A recs with wrong
domain names.
* Dlint checks the reverse records on your local machine's default nameserver.
(Dlint 1.3.1 and earlier asked forward-query zone's nameserver).
Neither solution seems right to me, we should determine the list of
authoritative name servers for the reverse domain name to do the query.
However doing so would slot down Dlint a _lot_.
Example: if dlint is linting zone "bbb.com" and the nameserver is ns.bbb.com
and sees the record "aaa.bbb.com. IN A 1.2.3.4", it wants to check for a
PTR record from the IP back to the domain name - what nameserver should it
query to do that? We should really figure out the zone of 4.3.2.1.in-addr.arpa.
and find the nameservers from that, and query _them_ for the PTR record
rather than asking your local host. But this would be very slow.
* There is some redundancy in checking for the illegal "#" character
(using the wrong comment symbol in zone files): the A and PTR records
occasionally will be checked twice, and can generate errors twice
(all RRs are checked by TEST 2, then some RRs are checked again in TEST 3a
and TEST 3b).
OTHER REASONS DLINT MAY NOT WORK RIGHT
* Dlint doesn't work behind some firewalls - it needs to talk to a root
nameserver to get started.
* Dlint uses the zone transfer mechanism (AXFR), which some nameservers deny to
unauthorized hosts. If dlint is denied, it won't work. Some vendor's DNS servers
have the misconfiguration that when they don't want to answer AXFR queries,
they happily return zero records with no error message or exit code!
That is a bug that should be fixed.
---