[Chilli] uamdomain / uamallowed

David Bird david at coova.com
Wed Nov 10 10:05:09 UTC 2010


By "single domain" you then mean an implicit "*.domain" match? I suppose
that is just nomenclature, but I think most would consider a "domain" a
group of hostnames, not just one (even if that "hostname" is
"coova.org"). Hmm.. maybe we do explicitly require *-wildcard matching,
but automatically add the "*" prefix if the uamdomain starts with a
'.' (for those who already use ".coova.org", for example, in their
configurations). 

On Wed, 2010-11-10 at 09:46 +0100, Wichert Akkerman wrote:
> On 11/10/10 06:51 , David Bird wrote:
> > In an effort to make uamdomain a bit more flexible, a change is
> > required. Right now, DNS queries ending in any uamdomain defined are
> > added to the garden when resolved. This means it's always "*uamdomain"
> > in the match. Instead, maybe the "*" should have to be explicit, as in
> > "uamdomain=*.domain.com" so that you can also do single hostnames such
> > as "uamdomain=singlehost.domain.com". ?
> 
> I had always expected uamdomain to specify a single domain, not a 
> wildcard. I feel pretty strongly wildcards should be explicitly 
> specified since they can be a security risk.
> 
> > Or, uamdomain could be kept as-is (and via an option) hostnames in
> > uamallowed can be "re-checked" against DNS to pick up any round-robin
> > (or just new) IP addresses to add to garden ?  This way, the syntax for
> > uamdomain does not need to change and hostnames used in uamallowed will
> > update the walled garden when those hostnames are resolved by users (and
> > not just resolved on start-up).
> 
> Perhaps cache entries for a configurable amount of time?
> 
> Wichert.
> _______________________________________________
> Chilli mailing list
> Chilli at coova.org
> http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
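
The two matching rules discussed in this thread, side by side, as an added example that is not code from the thread or from the CoovaChilli source. The function names are hypothetical and the hostnames in main() are constructed; the comparison is case-insensitive because DNS names are.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive "name ends with suffix". */
static int ends_with(const char *name, const char *suffix) {
    size_t n = strlen(name), s = strlen(suffix);
    if (s > n) return 0;
    name += n - s;
    for (size_t i = 0; i < s; i++)
        if (tolower((unsigned char)name[i]) != tolower((unsigned char)suffix[i]))
            return 0;
    return 1;
}

/* Behaviour described in the thread: every entry is an implicit
 * "*uamdomain", so any resolved name ending in the entry matches. */
int match_implicit(const char *entry, const char *name) {
    return ends_with(name, entry);
}

/* Proposed behaviour (hypothetical implementation): a wildcard must be
 * written as a leading "*"; a leading '.' is treated as "*." for existing
 * configurations; anything else is a single hostname, matched exactly. */
int match_explicit(const char *entry, const char *name) {
    if (entry[0] == '*') return ends_with(name, entry + 1);
    if (entry[0] == '.') return ends_with(name, entry);
    return strlen(entry) == strlen(name) && ends_with(name, entry);
}

int main(void) {
    /* Constructed entries and resolved names, for illustration only. */
    const char *entries[] = { "coova.org", ".coova.org", "*.coova.org",
                              "singlehost.domain.com" };
    const char *names[] = { "coova.org", "www.coova.org", "notcoova.org",
                            "singlehost.domain.com", "other.domain.com" };
    printf("%-24s %-24s %-9s %s\n", "entry", "resolved name", "implicit", "explicit");
    for (size_t e = 0; e < sizeof entries / sizeof *entries; e++)
        for (size_t h = 0; h < sizeof names / sizeof *names; h++)
            printf("%-24s %-24s %-9d %d\n", entries[e], names[h],
                   match_implicit(entries[e], names[h]),
                   match_explicit(entries[e], names[h]));
    return 0;
}
```

With the implicit rule, an entry of "coova.org" also admits an unrelated name that merely ends in the same characters; with the explicit rule it admits only that one hostname unless a wildcard is written out.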



