[Chilli] uamdomain / uamallowed

Wichert Akkerman wichert at wiggy.net
Wed Nov 10 08:46:47 UTC 2010


On 11/10/10 06:51 , David Bird wrote:
> In an effort to make uamdomain a bit more flexible, a change is
> required. Right now, DNS queries ending in any uamdomain defined are
> added to the garden when resolved. This means it's always "*uamdomain"
> in the match. Instead, maybe the "*" should have to be explicitly, as in
> "uamdomain=*.domain.com" so that you can also do single hostnames such
> as "uamdomain=singlehost.domain.com". ?

I had always expected uamdomain to specify a single domain, not a 
wildcard. I feel pretty strongly wildcards should be explicitly 
specified since they can be a security risk.

> Or, uamdomain could be kept as-is (and via an option) hostnames in
> uamallowed can be "re-checked" against DNS to pick up any round-robin
> (or just new) IP addresses to add to garden ?  This way, the syntax for
> uamdomain does not need to change and hostnames used in uamallowed will
> update the walled garden when those hostnames are resolved by users (and
> not just resolved on start-up).

Perhaps cache entries for a configurable amount of time?

Wichert.


More information about the Chilli mailing list