[OpenAFS] Limiting mount point to known cells
Harald Barth
haba@kth.se
Sat, 27 Aug 2022 10:34:07 +0200 (CEST)
> In the same thread, a blacklist (or whitelist) of cell names was
> suggested to prevent afsdb queries for troublesome domains but it
> seems it never got implemented.
If the blacklist specification is visible and not hidden
in some new magic file, I think that would be good.
My suggestion would be to add the possibility to specify
this in CellServDB.
>git BLACKLIST
or something like that. Because then anyone who wants a cell named
"git" (you never know the users' wishes) would see this when looking
through CellServDB to determine why it does not work as expected.
I am normally not for blacklists, but what can you do?
But wait a moment... Can't we assume that all cell names that we
ask in DNS contain at least one dot "." in the middle? I doubt
that there are AFS cells named without dot that we need to
resolve with DNS. What do you think about that?
Harald.