[Chilli] uamdomain / uamallowed
Wichert Akkerman
wichert at wiggy.net
Wed Nov 10 08:46:47 UTC 2010
On 11/10/10 06:51 , David Bird wrote:
> In an effort to make uamdomain a bit more flexible, a change is
> required. Right now, DNS queries ending in any uamdomain defined are
> added to the garden when resolved. This means it's always "*uamdomain"
> in the match. Instead, maybe the "*" should have to be explicitly, as in
> "uamdomain=*.domain.com" so that you can also do single hostnames such
> as "uamdomain=singlehost.domain.com". ?
I had always expected uamdomain to specify a single domain, not a
wildcard. I feel pretty strongly wildcards should be explicitly
specified since they can be a security risk.
> Or, uamdomain could be kept as-is (and via an option) hostnames in
> uamallowed can be "re-checked" against DNS to pick up any round-robin
> (or just new) IP addresses to add to garden ? This way, the syntax for
> uamdomain does not need to change and hostnames used in uamallowed will
> update the walled garden when those hostnames are resolved by users (and
> not just resolved on start-up).
Perhaps cache entries for a configurable amount of time?
Wichert.
More information about the Chilli
mailing list