From c3e8ff7b21a86137376f0fb180a701df67870e5a Mon Sep 17 00:00:00 2001
From: Lai Jiang
Date: Mon, 25 Jul 2016 07:25:44 -0700
Subject: [PATCH] Prevent orphan glue records from being published

When a domain refreshes, always delete all of its subordinate host records and then add glue records for its in-bailiwick nameservers, if the domain is in a publishable status. When a host refreshes, delete its glue record (if any) and then refresh its superordinate domain. The goal is to prevent A/AAAA records for hosts that are not used as in-bailiwick nameservers from being published in the DNS.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=128354008
---
 java/google/registry/dns/writer/api/DnsWriter.java | 11 ++++++-----
 java/google/registry/model/domain/DomainBase.java | 8 +++++---
 2 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/java/google/registry/dns/writer/api/DnsWriter.java b/java/google/registry/dns/writer/api/DnsWriter.java
index 57741bc45..be24b52cf 100644
--- a/java/google/registry/dns/writer/api/DnsWriter.java
+++ b/java/google/registry/dns/writer/api/DnsWriter.java
@@ -39,11 +39,12 @@ public interface DnsWriter extends AutoCloseable {
 void publishDomain(String domainName);
 
 /**
- * Loads {@code hostName} from datastore and publishes its A/AAAA glue records to the DNS server.
- * Replaces existing records for the exact name supplied, with an A or AAAA record (as
- * appropriate) for each address stored in the registry, for the supplied host name. If the host
- * is deleted then the existing records are deleted. Assumes that this method will only be called
- * for in-bailiwick hosts. The registry does not have addresses for other hosts.
+ * Loads {@code hostName} from datastore and publishes its A/AAAA glue records to the DNS server,
+ * if it is used as an in-bailiwick nameserver. Orphaned glue records are prohibited. Replaces
+ * existing records for the exact name supplied, with an A or AAAA record (as appropriate) for
+ * each address stored in the registry, for the supplied host name. If the host is deleted then
+ * the existing records are deleted. Assumes that this method will only be called for in-bailiwick
+ * hosts. The registry does not have addresses for other hosts.
 *
 * @param hostName the fully qualified host name, with no trailing dot
 */
diff --git a/java/google/registry/model/domain/DomainBase.java b/java/google/registry/model/domain/DomainBase.java
index aa7e9ae2b..fd864dba7 100644
--- a/java/google/registry/model/domain/DomainBase.java
+++ b/java/google/registry/model/domain/DomainBase.java
@@ -35,6 +35,7 @@ import com.google.common.base.Predicate;
 import com.google.common.collect.FluentIterable;
 import com.google.common.collect.ImmutableSet;
 import com.google.common.collect.ImmutableSortedSet;
+import com.google.common.collect.Ordering;
 import com.googlecode.objectify.Ref;
 import com.googlecode.objectify.annotation.Entity;
 import com.googlecode.objectify.annotation.IgnoreSave;
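Review bot: The revised Javadoc in the DnsWriter hunk says glue is published only when the host is used as an in-bailiwick nameserver, but it never states what a writer must do with A/AAAA records that already exist for a host that is no longer referenced. Since the stated goal is to keep orphan glue out of the zone, the contract should spell out the removal path, for example by adding `If the host is not used as a nameserver by its superordinate domain, any existing A/AAAA records for it are deleted.` The retained sentence "Assumes that this method will only be called for in-bailiwick hosts" leaves the bailiwick check to callers, so it would help to say whether implementations may rely on that or must verify it themselves. The documented method's signature lies outside the hunk, and no implementation or test of the new rule is visible in this patch, so each DnsWriter implementation presumably needs to be checked against the new wording separately.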
@@ -185,15 +186,16 @@ public abstract class DomainBase extends EppResource {
 }
 
 /** Loads and returns the fully qualified host names of all linked nameservers. */
- public ImmutableSet loadNameserverFullyQualifiedHostNames() {
+ public ImmutableSortedSet loadNameserverFullyQualifiedHostNames() {
 return FluentIterable.from(ofy().load().refs(getNameservers()).values())
 .transform(
 new Function() {
 @Override
 public String apply(HostResource host) {
 return host.getFullyQualifiedHostName();
- }})
- .toSet();
+ }
+ })
+ .toSortedSet(Ordering.natural());
 }
 
 /** A reference to the registrant who registered this domain. */
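Review bot: The one-line Javadoc above `loadNameserverFullyQualifiedHostNames()` is unchanged and still does not mention ordering, although the method now returns an `ImmutableSortedSet` built with `Ordering.natural()`. If callers are meant to depend on a deterministic order when emitting NS and glue records, that belongs in the contract, e.g. `/** Loads and returns the fully qualified host names of all linked nameservers, sorted in natural String order. */`. Natural String ordering is case-sensitive, so the comment could also note the assumption that stored host names are already canonicalized; that assumption is not verifiable from this hunk.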