Add standard for DNS
Based on the latest findings of https://github.com/SovereignCloudStack/issues/issues/229 I made the following changes/additions:
- only make the dns driver mandatory (not dns_domain_ports); this should be more than sufficient for internal DNS
- for infrastructures offering DNSaaS (Designate), instead make dns_domain_ports mandatory and subnet_dns_published_fixed_ip recommended
I implemented a test script that verifies the existence of the API extensions as mandated by the current standard draft. The script queries the Neutron Extensions API and relies on the information it provides.
However, due to https://bugs.launchpad.net/neutron/+bug/2063669 the test will succeed in any OVN-based setup since the DNS extensions are always reported as being available even if none of them actually are.
Upstream needs to fix this for the test script to actually report accurate results ...
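The kind of check described above, as an added example that is not the test script from this pull request: it evaluates a Neutron `GET /v2.0/extensions` response against the two cases in the description and reports "inconclusive" instead of "pass" on OVN-based setups, where the linked bug makes the listing unreliable. The alias names are an assumed mapping from the driver names to Neutron API extension aliases, `ovn_backend` is a hypothetical flag supplied by the operator, and the sample response is constructed.

```python
import json

# Assumed mapping of the description's two cases to Neutron API extension aliases.
PROFILES = {
    "internal": {"mandatory": ["dns-integration"], "recommended": []},
    "dnsaas": {"mandatory": ["dns-domain-ports"],
               "recommended": ["subnet-dns-publish-fixed-ip"]},
}

# Constructed sample body of GET /v2.0/extensions (fields trimmed to what is used).
SAMPLE = json.dumps({"extensions": [
    {"alias": "dns-integration", "name": "DNS Integration"},
    {"alias": "dns-domain-ports", "name": "dns_domain_ports"},
    {"alias": "port-security", "name": "Port Security"},
]})


def check_extensions(body, profile, ovn_backend=False):
    """Evaluate an extensions listing against one profile.

    ovn_backend is a hypothetical operator-supplied flag: on OVN the DNS
    extensions are listed even when not enabled (Launchpad bug 2063669),
    so a complete listing proves nothing there.
    """
    listed = {ext.get("alias") for ext in json.loads(body).get("extensions", [])}
    rules = PROFILES[profile]
    missing = [a for a in rules["mandatory"] if a not in listed]
    advisories = [a for a in rules["recommended"] if a not in listed]
    if missing:
        verdict = "fail"          # a missing alias is meaningful on any backend
    elif ovn_backend:
        verdict = "inconclusive"  # listing cannot be trusted, verify the config
    else:
        verdict = "pass"
    return {"verdict": verdict, "missing": missing, "advisories": advisories}


if __name__ == "__main__":
    for backend in (False, True):
        print(backend, check_extensions(SAMPLE, "dnsaas", ovn_backend=backend))
```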
LGTM, besides missing two explanations for "OVM" and "OVS".
Thanks for pointing that out! This is quite important. I've added them to the glossary.
IMHO the standard should mandate RFC-compliant DNS servers that should be made available to the customer, given the fact that there are a lot of non-compliant DNS servers out there.
Good idea. Do you have a list of RFCs a good recursor should adhere to? I'm not sure if we need to list the RFCs of all RRs which we expect to be supported or whether that's something any base-RFC-compliant recursor MUST handle correctly anyway (even though history has shown they don't always).
(this comment was misplaced and moved to the corresponding issue here)
I demoted some of the guidelines in this standard from MUST to SHOULD as a result of the recent CSP discussion (see here).
As a result, the API tests I implemented for the conformance tests are not applicable anymore and I removed them. They wouldn't have worked properly with Neutron's current implementation anyway.
I like the addition of threats like zone squatting.
Merci for the approval.
@mbuechse I think this should be merged now!