On Mon, 2011-08-15 at 10:22 -0400, Dmitri Pal wrote:
> On 08/15/2011 08:20 AM, Martin Kosek wrote:
> > A new version of bind-dyndb-ldap has been released. Thanks to the new
> > persistent search feature, the name server can immediately pull new DNS
> > zones when they are created in IPA.
> >
> > Since the bind-dyndb-ldap plugin has not been released in F-15 yet, one
> > has to use the provided src.rpm:
> >
> > http://mkosek.fedorapeople.org/bind-dyndb-ldap/srpm/bind-dyndb-ldap-0.2.0-5.fc17.src.rpm
> >
> > or rpms I built for x86_64 F-15:
> >
> > http://mkosek.fedorapeople.org/bind-dyndb-ldap/x86_64/
> >
> > There is one setback though. When I investigated DNS persistent search
> > behavior I still miss the ability to detect changes to the DNS zone
> > itself. Adding a record (for example MX record) to the zone does not
> > trigger an update of the zone in nameserver cache. We still have to wait
> > for cache timeout (argument "cache_ttl"). We cannot therefore use this
> > feature as a solution of:
> >
> > https://fedorahosted.org/freeipa/ticket/1114
> > https://fedorahosted.org/freeipa/ticket/1125
> > https://fedorahosted.org/freeipa/ticket/1126
>
> So what are our options here?

I see we have the following options here:

1) Consult this with AdamT and let him enhance bind-dyndb-ldap to track
not only add/modification operations with DNS zone (for example
modifying SOA record of example.com - this works), but also adding of a
new DNS record to the zone (a new MX record in example.com) or even to
regular DNS records (A record foo.example.com). When I spoke with Adam
last week (for following 2 weeks he is on PTO) he said it is doable but
has a potential of creating bugs in the plugin so he implemented just
the first part that we see.

2) Let user adjust "cache_ttl" parameter. This bind-dyndb-ldap parameter
sets validity of the internal DNS record cache. When a DNS record is
changed/updated, user can get the updated value after $cache_ttl
seconds. This is the same for updating DNS records in the zone (MX of
example.com) and updating regular DNS records (A record of
foo.example.com). User can set it to the value that reflects his needs
for the speed of propagation of the DNS record updates and requirements
on DNS performance. We just have to make sure that this behavior is
clearly explained in our documentation.

Martin