Open patch0 opened 7 years ago
Yes, there are no checks in symbiosis-dns to make sure that /srv/domain.com can only have records for domain.com.
Ideally, each domain's records would be joined together, and there would be some magic to decide what records each domain can set, before uploading, rather than just blindly copying and overwriting files.
-- Patrick J Cherry Director of operations http://www.bytemark.co.uk/ Bytemark Hosting tel: +44 (0) 1904 890 890
Originally posted by @patch0 on 2014-06-25T08:44:03.000Z
A simpler fix would be to prefix the file name with the domain name before copying to /root/BytemarkDNS/data - thus ensuring that there's no name space conflict. After all, it's entirely possible that both files contain good data. Consider the case where a user wants to publish extra TXT records without editing a.com.txt or x.com.txt, and chooses this perfectly sensible file naming scheme:
/srv/a.com/config/dns/a.com.txt
/srv/a.com/config/dns/extra-records.txt
/srv/x.com/config/dns/x.com.txt
/srv/x.com/config/dns/extra-records.txt
In fact, this would be a nice new feature. Additional TXT records are quite commonly required for proof of domain ownership, for example.
If we have DNS files like so:
/srv/a.com/config/dns/a.com.txt (with some random DNS entries in it)
/srv/x.com/config/dns/x.com.txt
/srv/x.com/config/dns/a.com.txt (with different a.com.txt DNS entries in it)
symbiosis-dns-generate will copy the a.com.txt file from a.com, and then overwrite it with the entry from x.com. At a guess, this happens in alphabetical order and would be fine if things were reversed.
Could be a WONTFIX that relies on users being sensible, or we could e.g. give precedence to a.com.txt from /srv/a.com over the version in /srv/x.com.
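A pre-upload audit for the situation discussed in this thread, added here as an illustration and not taken from symbiosis-dns: it lists basenames a flat copy would overwrite, flags files named after a different hosted domain, and shows the prefixed destination names suggested in the comment. All function names, the `_` separator and the sample tree are assumptions made for the example.

```ruby
require "tmpdir"
require "fileutils"
# Assumed layout, from the thread: <srv>/<domain>/config/dns/*.txt
def dns_sources(srv_root)
  Dir.glob(File.join(srv_root, "*", "config", "dns", "*.txt")).sort.map do |path|
    { domain: path.split(File::SEPARATOR)[-4], name: File.basename(path), path: path }
  end
end

# Basenames a flat copy would write more than once (last writer wins).
def flat_copy_collisions(sources)
  sources.group_by { |s| s[:name] }.select { |_, g| g.size > 1 }
         .transform_values { |g| g.map { |s| s[:domain] } }
end

# Files named after a different hosted domain, e.g. x.com shipping a.com.txt.
def foreign_zone_files(sources)
  hosted = sources.map { |s| s[:domain] }.uniq
  sources.select do |s|
    zone = File.basename(s[:name], ".txt")
    zone != s[:domain] && hosted.include?(zone)
  end
end

# Prefixing idea from the comment; the "_" separator is an assumption.
def prefixed_plan(sources)
  sources.to_h { |s| ["#{s[:domain]}_#{s[:name]}", s[:path]] }
end

# Constructed sample tree mirroring the paths quoted in the thread.
def build_sample(root)
  { "a.com" => %w[a.com.txt extra-records.txt],
    "x.com" => %w[x.com.txt a.com.txt extra-records.txt] }.each do |domain, files|
    dir = File.join(root, domain, "config", "dns")
    FileUtils.mkdir_p(dir)
    files.each { |f| File.write(File.join(dir, f), "; constructed sample\n") }
  end
end

def demo
  Dir.mktmpdir do |root|
    build_sample(root)
    src = dns_sources(root)
    { collisions: flat_copy_collisions(src),
      foreign: foreign_zone_files(src).map { |s| "#{s[:domain]}/#{s[:name]}" },
      plan: prefixed_plan(src).keys.sort }
  end
end
p demo if $PROGRAM_NAME == __FILE__
```

Prefixing removes the overwrite, but x.com's a.com.txt is still copied under its new name, so the foreign-file check covers the separate point that nothing restricts which domain's records a directory can set.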