Hi Jan-Piet,

thanks for sharing your ideas.

At least in my use case, I'd prefer to place the check logic into the system that fills the pdns database.

This, of course, has the shortcoming that the database can be in an inconsistent state.

But, for example, rectify zone is run when all changes for a certain zone are done, and not for every record changed.

This also enables that one can integrate IP Address Management with DNS.

I also think that it is easier to write the check logic with a language like Python or Java than with the MySQL Procedure Language.

Once you have written the check logic in your preferred language, you can just switch your JDBC or SQLAlchemy driver and use it with a different database. Writing it in MySQL Stored Procedure Language ties you even tighter to that database. But there could be the day where an important feature like replication or backup is implemented so much better in a different database so that you really want to switch.

Just my 2¢

Thomas

On 01/30/2013 07:47 AM, Jan-Piet Mens wrote:
On long, solitary drives I get crazy ideas, and at a beastly hour this
morning, it happened again:

It ought to be possible (famous last words) to create a set of MySQL
triggers and a couple of User Defined Functions (UDF) which ensure that
data entered into PowerDNS' MySQL database tables (in particular,
`domains' and `records') follow a set of defined constraints. These
would be caught irrespective of which front-end is used for
INSERTs/UPDATEs. I'm thinking of things like

* domain names must not be fully qualified
* names must not contain white space
* A records must contain an IPv4, AAAA records an IPv6 address
* NS records must not contain an address
* No CNAME and other data [1]
* etc.

Additionally, we could maybe implement automatic rectification of
records for the DNSSEC schema, setting `auth', 'order', etc. columns
correctly.

Has anybody done this already?

I'm thinking along the lines of a UDF which employs regexes for ensuring
most rules (except A, AAAA: there I'd use inet_pton(3)).

Is it worth an attempt, or do people consider this useless?

I'd be prepared to show a bit of love for PowerDNS and toy a bit further
with the idea. Thoughts?

Regards,

         -JP

[1] I've already demonstrated a trigger which forbids this
_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users
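
Added example, not part of the original thread or of PowerDNS: a sketch of application-side check logic of the kind Thomas describes, covering the constraints listed in Jan-Piet's message and run over a whole batch of rows once a zone's changes are complete. The function name, the record dict layout and the sample rows are assumptions made for illustration.

```python
import re
import socket
from collections import defaultdict

def _is_ip(family, text):
    # Same parser the thread suggests for A/AAAA: inet_pton(3).
    try:
        socket.inet_pton(family, text)
        return True
    except (OSError, ValueError):
        return False

def check_records(records):
    """Return (name, type, problem) tuples for rows that break a rule.

    records: dicts with 'name', 'type', 'content' (assumed layout,
    modelled on the columns of the `records` table).
    """
    problems = []
    types_by_name = defaultdict(set)
    for r in records:
        name, rtype, content = r["name"], r["type"].upper(), r["content"]
        types_by_name[name.lower()].add(rtype)
        if name.endswith("."):
            problems.append((name, rtype, "name is fully qualified"))
        if re.search(r"\s", name):
            problems.append((name, rtype, "name contains white space"))
        if rtype == "A" and not _is_ip(socket.AF_INET, content):
            problems.append((name, rtype, "content is not an IPv4 address"))
        if rtype == "AAAA" and not _is_ip(socket.AF_INET6, content):
            problems.append((name, rtype, "content is not an IPv6 address"))
        if rtype == "NS" and (_is_ip(socket.AF_INET, content)
                              or _is_ip(socket.AF_INET6, content)):
            problems.append((name, rtype, "NS content is an address"))
    # CNAME and other data: evaluated once the whole batch is known.
    for name, types in types_by_name.items():
        if "CNAME" in types and len(types) > 1:
            problems.append((name, "CNAME", "CNAME and other data"))
    return problems

# Constructed sample rows (documentation addresses and names).
SAMPLE = [
    {"name": "www.example.org", "type": "A", "content": "192.0.2.10"},
    {"name": "ftp.example.org.", "type": "A", "content": "192.0.2.11"},
    {"name": "v6.example.org", "type": "AAAA", "content": "192.0.2.12"},
    {"name": "example.org", "type": "NS", "content": "192.0.2.53"},
    {"name": "alias.example.org", "type": "CNAME", "content": "www.example.org"},
    {"name": "alias.example.org", "type": "TXT", "content": "v=spf1 -all"},
]

if __name__ == "__main__":
    for problem in check_records(SAMPLE):
        print(problem)
```

Because the function only reads dicts, the same checks can sit in front of any database driver, and a non-empty result can be used to abort the transaction before the zone is rectified.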

