ipaddr, ipv4addr ipv6addr
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Sat May 31 14:14:39 CEST 2014
On 31 May 2014, at 12:57, Alan Buxey <A.L.M.Buxey at lboro.ac.uk> wrote:
>
> >>Also... if the address doesn't resolve the
> >>server fails to start? Ouch. Very nasty
> >>behaviour -1
>
> >You've specified a remote resource >which doesn't exist.
>
> For clients though? If a client doesn't exist then , shrug, they're not going to talk to me. Some installations have very dynamic upgrades/changes and a few dozen obsolete entries might easily exist. .. or those people with random VPN hookups that have all kinds of crazy dynamic hostname setups.
Then with by the same token you used to justify doing AAAA lookups by default, the response for those sites is they need to get their act together and clean the shit out of their configs.
I'm generally all for holding administrators to very high standards of config cleanliness. The reason for using A records by default is because we have a policy of not introducing behavioural changes with point releases. But seeing as the code modifications have probably changed the behaviour of client <hostname> { entries anyway (from being first available record to a preference for V4), I guess we could switch to V6 first.
The clients behaviour is not new and I don't see a compelling reason to change it. It is easy to monitor the validity of the server config using -C, hell setup a cron job to ping administrators if the config becomes invalid for some reason...
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140531/49aa0a0b/attachment-0001.pgp>
More information about the Freeradius-Users
mailing list