circular ACLs, named and named-checkconf inconsistency
Stefan Puiu
stefanpuiu at itcnetworks.ro
Thu Mar 3 14:20:49 UTC 2005
Hello,
I've noticed an inconsistency between BIND's behaviour and
named-checkconf's with respect to configuration files that contain
constructs like the following:
acl "ddns1" {
    { ddns2; } ;
};
acl "ddns2" {
    { 10.x.x.x;ddns1; } ;
};
Then further down:
options {
    ...
    allow-query { ddns1; };
};
named-checkconf doesn't report any problems, while BIND crashes with it
(tested on Windows 2000 with BIND 9.3.1rc1; didn't test this on UNIX).
Of course this is a brain-damaged example that nobody would use in their
configuration file. However, if you're not careful enough you can easily
screw this up by defining a cycle in the ACL graph (something less
obvious than the above). It would be nice if named-checkconf would also
check for cycles in nested ACLs. Should I make a feature request and
post it on bind9-bugs? What's the procedure?
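
Added example (not part of the original message, and not BIND's or named-checkconf's code): the cycle check requested above, run as a stand-alone pass over configuration text before it is loaded. The function names and the "internal" ACL in the sample are constructed for illustration; the tokenizer assumes ordinary named.conf syntax and does not follow include files.

```python
import re

# Tokens: quoted string, brace, semicolon, or bare word (address, ACL name).
TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')
COMMENT = re.compile(r'/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)

def parse_acls(conf):
    """Return {acl_name: set of bare elements in its address-match list}."""
    toks = TOKEN.findall(COMMENT.sub(' ', conf))
    acls, i = {}, 0
    while i < len(toks):
        if toks[i] == 'acl' and i + 2 < len(toks) and toks[i + 2] == '{':
            name, refs, depth, i = toks[i + 1].strip('"'), set(), 1, i + 3
            while i < len(toks) and depth:      # walk nested { } to the closing brace
                t = toks[i]
                if t == '{':
                    depth += 1
                elif t == '}':
                    depth -= 1
                elif t == 'key':
                    i += 1                      # skip the key name that follows
                elif t != ';':
                    refs.add(t.lstrip('!').strip('"'))
                i += 1
            acls[name] = refs
        else:
            i += 1
    return acls

def find_cycles(acls):
    """Depth-first search over ACL-to-ACL references; return each cycle found."""
    cycles, state = [], {}                      # 1 = on current path, 2 = done
    def visit(name, path):
        state[name] = 1
        path.append(name)
        for ref in sorted(acls[name]):
            if ref not in acls:
                continue                        # address, network or built-in ACL
            if state.get(ref) == 1:
                cycles.append(path[path.index(ref):] + [ref])
            elif ref not in state:
                visit(ref, path)
        path.pop()
        state[name] = 2
    for name in sorted(acls):
        if name not in state:
            visit(name, [])
    return cycles

# First two ACLs are from the message above; "internal" is constructed.
SAMPLE = '''acl "ddns1" { { ddns2; } ; };
acl "ddns2" { { 10.x.x.x;ddns1; } ; };
acl "internal" { 192.0.2.0/24; key tsig-a; localhost; };  // acyclic
options { allow-query { ddns1; }; };'''
```

Calling `find_cycles(parse_acls(SAMPLE))` reports the ddns1/ddns2 loop as a path, so a wrapper script can refuse to reload the server when the returned list is non-empty.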