-
Notifications
You must be signed in to change notification settings - Fork 904
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
auth: allow turning off across-domain resolving #14604
base: master
Are you sure you want to change the base?
Conversation
Ideas on how to add regression-tests welcome. |
Pull Request Test Coverage Report for Build 10598055899Details
💛 - Coveralls |
033c2a4
to
67cb459
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
what about SVCB?
docs/settings.rst
Outdated
If this is enabled, CNAME records and other referrals will be resolved as long as their targets exist in any local backend. | ||
Can be disabled to allow for different authorities managing zones in the same server instance. | ||
|
||
Regardless of this setting, external targets are never resolved. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I hope this line won't confuse ALIAS
users
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
maybe we should list all "other referrals" to be clear.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I had to re-read my own line 5 times now to understand what I meant. Hard to come up with something descriptive though.
Maybe just:
Referrals not available in local backends are never resolved.
SVCB referrals are never resolved across domains.
ALIAS is not impacted by this setting.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
s/domains/zones/, love it otherwise
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
love it otherwise
done
s/domains/zones/
should I also do that to the setting name? various other settings use "domain" though
Is there currently some code in PDNS to follow SVCB? SVCB ist quite different as the client application needs to perform the resolving. But IMO PDNS should not provide hints out of bailiwik, regardless if CNAME, DNAME, SVCB/HTTPS, NS .... |
SVCB was taken care of by #10521 |
Default is unchanged. Turning off the new setting causes CNAME targets to not be followed across (local) domains. Also, queries that could be answered by following a local delegations are similarly not resolved.
67cb459
to
308ca1e
Compare
Short description
Addresses #10017. Introduces new setting
resolve-across-domains
. Default is the unchanged behaviour.Turning off the new setting causes CNAME targets to not be followed across (local) domains. Also, queries that could be answered by following a local delegations are similarly not resolved.
Checklist
I have: