zydronium/google-nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus.git synced 2025-05-14 16:37:13 +02:00
Code Issues Projects Releases Packages Wiki Activity

Prevent orphan glue records from being published

Browse source 
When a domain refreshes, always delete all of its subordinate host
records and then add glue records for its in-bailiwick nameservers, if
the domain is in a publishable status. When a host refreshes, delete
its glue record (if any) and then refresh its superordinate domain. The
goal is to prevent A/AAAA records for hosts that are not used as
in-bailiwick nameservers from being published in the DNS.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=128354008
This commit is contained in:
Lai Jiang 2016-07-25 07:25:44 -07:00 committed by Justine Tunney
parent 05ec2ff421
commit c3e8ff7b21
2 changed files with 11 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

11
java/google/registry/dns/writer/api/DnsWriter.java
View file

@ -39,11 +39,12 @@ public interface DnsWriter extends AutoCloseable {
void publishDomain(String domainName); void publishDomain(String domainName);
/** /**
* Loads {@code hostName} from datastore and publishes its A/AAAA glue records to the DNS server. * Loads {@code hostName} from datastore and publishes its A/AAAA glue records to the DNS server,
* Replaces existing records for the exact name supplied, with an A or AAAA record (as * if it is used as an in-bailiwick nameserver. Orphaned glue records are prohibited. Replaces
* appropriate) for each address stored in the registry, for the supplied host name. If the host * existing records for the exact name supplied, with an A or AAAA record (as appropriate) for
* is deleted then the existing records are deleted. Assumes that this method will only be called * each address stored in the registry, for the supplied host name. If the host is deleted then
* for in-bailiwick hosts. The registry does not have addresses for other hosts. * the existing records are deleted. Assumes that this method will only be called for in-bailiwick
* hosts. The registry does not have addresses for other hosts.
* *
* @param hostName the fully qualified host name, with no trailing dot * @param hostName the fully qualified host name, with no trailing dot
*/ */

8
java/google/registry/model/domain/DomainBase.java
View file

@ -35,6 +35,7 @@ import com.google.common.base.Predicate;
import com.google.common.collect.FluentIterable; import com.google.common.collect.FluentIterable;
import com.google.common.collect.ImmutableSet; import com.google.common.collect.ImmutableSet;
import com.google.common.collect.ImmutableSortedSet; import com.google.common.collect.ImmutableSortedSet;
import com.google.common.collect.Ordering;
import com.googlecode.objectify.Ref; import com.googlecode.objectify.Ref;
import com.googlecode.objectify.annotation.Entity; import com.googlecode.objectify.annotation.Entity;
import com.googlecode.objectify.annotation.IgnoreSave; import com.googlecode.objectify.annotation.IgnoreSave;
@ -185,15 +186,16 @@ public abstract class DomainBase extends EppResource {
} }
/** Loads and returns the fully qualified host names of all linked nameservers. */ /** Loads and returns the fully qualified host names of all linked nameservers. */
public ImmutableSet<String> loadNameserverFullyQualifiedHostNames() { public ImmutableSortedSet<String> loadNameserverFullyQualifiedHostNames() {
return FluentIterable.from(ofy().load().refs(getNameservers()).values()) return FluentIterable.from(ofy().load().refs(getNameservers()).values())
.transform( .transform(
new Function<HostResource, String>() { new Function<HostResource, String>() {
@Override @Override
public String apply(HostResource host) { public String apply(HostResource host) {
return host.getFullyQualifiedHostName(); return host.getFullyQualifiedHostName();
}}) }
.toSet(); })
.toSortedSet(Ordering.natural());
} }
/** A reference to the registrant who registered this domain. */ /** A reference to the registrant who registered this domain. */