Have libpaf connect to all addresses of DNS-based address #22
Labels
enhancement
New feature or request
Comments
|
The use-all-DNS-FQDN-IPs would lead to the same credentials (cert, key, and trusted CA bundle) to be used for all servers under a particular DNS name. |
|
Should there be a way to handle multi-homed servers residing behind the same DNS FQDN? |
|
libpaf would need to poll DNS to see if the number or contents of records for a particular domain changes. In essence, the DNS hostname will provide the same information as are in the domain file (i.e., a list of server addresses. but minus "extra" such as tlsCertificateFile). Polling frequency should be determined by the DNS TTL. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
For TLS or TCP type server addresses, libpaf should resolve the DNS name and connect to all IPv4 and IPv6 addresses, treating each A och AAA record as a separate server.
Current libpaf relies on XCM for name resolution, which in turn relies on glibc and the system's configuration, and picks one addresses out of those available for a particular DNS FQDN.
Considering the change in semantics, this new behavior should only be exhibited if it is explicitly enabled (in the domains file).
The text was updated successfully, but these errors were encountered: