From: "Petr Spacek"
Organization: Red Hat
To: bind-suggest@isc.org
Date: Tue, 16 Feb 2016 13:53:37 +0100
Subject: Re: [ISC-Bugs #41441] auto-disable empty zones if forward 'first' is configured

On 21.1.2016 22:52, Mark Andrews via RT wrote:
> Meant to send this as a reply
>
> On Mon Jan 18 15:56:13 2016, marka wrote:
>> We really can't second guess what the user wants. We could look at
>> issuing a warning if rfc1918 && inherited(first) -> warning.
>>
>> e.g.
>> zone 1.0.10.in-addr.arpa { type forward; forwarders { … }; }; -> warning
>>
>> zone 1.0.10.in-addr.arpa { type forward; forward first; forwarders { … }; }; -> no warning
>>
>> "inherited 'forward first;' for rfc1918 zone '%s' - did you want
>> 'forward only;'? (use explicit 'forward first;' in zone declaration to
>> disable warning)"
>>
>> If you feel like coding this we can review it.

I got lost in the configuration logic and I cannot see an obvious way to do
this.

Would it be okay to always print a warning if policy == first and the zone is
one of the automatic empty zones? For me it is hard to imagine a case where it
is okay to use policy 'first' anyway.

This reminds me of one more thing regarding auto-disabling empty zones for
policy == only. If the user defined forward zone 3.2.10.in-addr.arpa, it
unloads the complete zone 10.in-addr.arpa. As a consequence, queries for the
rest of 10.in-addr.arpa will leak. Is this expected/okay?

-- 
Petr Spacek @ Red Hat
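
The warning rule proposed in the quoted message and the empty-zone question raised in the reply, sketched as an added example (not BIND code and not part of the original message). The function names, the tuple input format and the finding labels are assumptions; only the RFC 1918 reverse zones are covered.

```python
# Added example, not BIND source. Zone data below is constructed.
RFC1918_EMPTY_ZONES = (
    ["10.in-addr.arpa", "168.192.in-addr.arpa"]
    + [f"{n}.172.in-addr.arpa" for n in range(16, 32)]
)

WARNING = ("inherited 'forward first;' for rfc1918 zone '%s' - did you want "
           "'forward only;'? (use explicit 'forward first;' in zone "
           "declaration to disable warning)")  # wording from the quoted message


def covering_empty_zone(zone):
    """Return the RFC 1918 empty zone that `zone` equals or sits below."""
    labels = zone.lower().rstrip(".").split(".")
    for empty in RFC1918_EMPTY_ZONES:
        suffix = empty.split(".")
        # Compare whole labels so 110.in-addr.arpa does not match 10.in-addr.arpa.
        if labels[-len(suffix):] == suffix:
            return empty
    return None


def check_forward_zones(zones, inherited_policy="first"):
    """zones: (name, explicit_policy_or_None) pairs for 'type forward' zones.

    inherited_policy is what options/view supplies; 'first' is BIND's default.
    Returns (kind, zone, detail) findings.
    """
    findings = []
    for name, explicit in zones:
        empty = covering_empty_zone(name)
        if empty is None:
            continue  # not under an RFC 1918 reverse zone
        policy = explicit or inherited_policy
        if policy == "first" and explicit is None:
            findings.append(("inherited-first", name, WARNING % name))
        elif policy == "only" and name.lower().rstrip(".") != empty:
            # Per the reply: the whole empty zone is disabled, so names
            # outside the forward zone are no longer answered locally.
            findings.append(("partial-cover", name, empty))
    return findings


SAMPLE = [  # constructed sample input
    ("1.0.10.in-addr.arpa", None),
    ("1.0.10.in-addr.arpa", "first"),
    ("3.2.10.in-addr.arpa", "only"),
    ("example.com", None),
]
if __name__ == "__main__":
    for finding in check_forward_zones(SAMPLE):
        print(finding)
```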