google-nomulus

mirror of https://github.com/google/nomulus.git synced 2025-04-30 03:57:51 +02:00

History

jianglai 1227046bcb Fix in-baliwick nameserver check bug in CloudDnsWriter In publishDomain, we load the subordinate hosts of the domain from datastore and compare its nameservers to them. For any nameserver that is in-baliwick, we call publishSubordinateHost on it and stage the A/AAAA records of the host for publication. This is superior to the old approach where we use hostName.endsWith(domainName) to check if a nameserver is in-baliwick because it will mistake ns.another-example.tld as a subordinate host of example.tld. It is also better than checking hostName.endsWith("." + domainName), which will catch false positives as above, but falls short in a corner case where the nameserver has been deleted before its superordinate domain's record is updated. In that case, subordinateHosts.cotains(hostName) will be false but hostName.endsWith("." + domainName) will still be true. Note that we still use the suffix check in filterGlueRecords because it is filtering on existing records from Cloud DNS. It is even advantageous to do so because if there were (and there shouldn't be if everything is consistent) any orphaned glue records (suffix matches to the domain, but not actually in its subordinate host list), they would be retained by the filter and therefore be deleted when the staged changes are committed. Also fixed a few tests that should have failed had we checked subrodinate hosts.... ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=184732005	2018-02-20 15:15:57 -05:00
..
com/google/testing/builddefs	Update copyright year on all license headers	2017-02-02 16:27:22 -05:00
google/registry	Fix in-baliwick nameserver check bug in CloudDnsWriter	2018-02-20 15:15:57 -05:00

jianglai 1227046bcb Fix in-baliwick nameserver check bug in CloudDnsWriter

In publishDomain, we load the subordinate hosts of the domain from datastore and compare its nameservers to them. For any nameserver that is in-baliwick, we call publishSubordinateHost on it and stage the A/AAAA records of the host for publication.

This is superior to the old approach where we use hostName.endsWith(domainName) to check if a nameserver is in-baliwick because it will mistake ns.another-example.tld as a subordinate host of example.tld. It is also better than checking hostName.endsWith("." + domainName), which will catch false positives as above, but falls short in a corner case where the nameserver has been deleted before its superordinate domain's record is updated. In that case, subordinateHosts.cotains(hostName) will be false but hostName.endsWith("." + domainName) will still be true.

Note that we still use the suffix check in filterGlueRecords because it is filtering on existing records from Cloud DNS. It is even advantageous to do so because if there were (and there shouldn't be if everything is consistent) any orphaned glue records (suffix matches to the domain, but not actually in its subordinate host list), they would be retained by the filter and therefore be deleted when the staged changes are committed.

Also fixed a few tests that should have failed had we checked subrodinate hosts....

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=184732005

2018-02-20 15:15:57 -05:00

com/google/testing/builddefs

Update copyright year on all license headers

2017-02-02 16:27:22 -05:00

google/registry

Fix in-baliwick nameserver check bug in CloudDnsWriter

2018-02-20 15:15:57 -05:00