On Thu, 2011-09-15 at 10:26 +0200, Adam Tkac wrote:
> On 09/14/2011 06:18 PM, Martin Kosek wrote:
> > Attached in the txt file. If you have any comments or suggestions to
> > this proposal, please let me know.
> >
> > https://fedorahosted.org/freeipa/ticket/1766
>
> Your proposal seems fine for me. However I would recommend not to expose
> routines for managing DNSSEC related records because DNSSEC is currently
> not supported in the bind-dyndb-ldap. This doesn't mean you should
> remove code which handles those records, just don't expose them to
> users, please. Routines can be reused in future, when we decide how to
> handle DNSSEC in FreeIPA.
>
> I checked the "dnsrecord-<rrtype>-add" list below and DNSSEC related
> records are DS, KEY, NSEC, RRSIG, SIG.
>
> Regards, Adam

Since we don't know how DNSSEC records will be handled, I would rather not implement the methods now and then reimplement them.

When I was implementing DNS validators in patch 120 I noticed we provide an API to add many RR types that are not supported via bind-dyndb-ldap at all. Any attempt to add them ends with a missing LDAP schema attribute error. Since the new API is targeted for a new FreeIPA major release I wouldn't be afraid to remove all these RR types from our API (they don't work anyway). This applies to these RR types:

APL, DHCID, DLV, DNSKEY, HIP, IPSECKEY, NSEC3, NSEC3PARAM, RP, TA, TKEY, TSIG.

IMO, we should then add RR types there _only_ when they are supported by bind-dyndb-ldap.

Martin
