[Pdns-users] Checking constraints on MySQL records and auto-rectify

Thomas Mieslinger miesi at pc-h.de
Wed Jan 30 08:09:36 UTC 2013

Hi Jan-Piet,

thanks for sharing your ideas.

At least in my usecase, I'd prefer to place the check logic in to the 
system that fills the pdns database.

This, of course, has the shortcoming that the database can be in an 
inconsistent state.

But, for example, rectify zone is run when all changes for a certain 
zone are done, and not for every record changed.

This also enables that one can integrate IP Address Management with DNS.

I also think that it is easier to write the check logic with a language 
like Python or Java than with the MySQL Procedure Language.

Once you have written the check logic in your preferred Language, you 
can just switch your jdbc or SQLAlchemy driver and use it with a 
different Database. Writing it in MySQL Stored Procedure Language ties 
you even tighter to that database. But there could be the day where an 
important feature like replication or backup is implemented so much 
better in a different Database so that you really want to switch.

Just my 2¢


On 01/30/2013 07:47 AM, Jan-Piet Mens wrote:
> On long, solitary drives I get crazy ideas, and at a beastly hour this
> morning, it happened again:
> It ought to be possible (famous last words) to create a set of MySQL
> triggers and a couple of User Defined Functions (UDF) which ensure that
> data entered into PowerDNS' MysQL database tables (in particular,
> `domains' and `records') follow a set of defined constraints. These
> would be caught irrespective of which front-end is used for
> INSERTs/UPDATEs. I'm thinking of things like
> * domain names must not be fully qualified
> * names must not contain white space
> * A records must contain an IPv4, AAAA records an IPv6 address
> * NS records must not contain an address
> * No CNAME and other data [1]
> * etc.
> Additionally, we could maybe implement automatic rectification of
> records for the DNSSEC schema, setting `auth', 'order', etc. columns
> correctly.
> Has anybody done this already?
> I'm thinking along the lines of a UDF which employs regexes for ensuring
> most rules (except A, AAAA: there I'd use inet_pton(3)).
> Is it worth an attempt, or people consider this useless?
> I'd be prepared to show a bit of love for PowerDNS and toy a bit further
> with the idea. Thoughts?
> Regards,
>          -JP
> [1] I've already demonstrated a trigger which forbids this
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> http://mailman.powerdns.com/mailman/listinfo/pdns-users

More information about the Pdns-users mailing list