On 09/16/2011 09:51 AM, Martin Kosek wrote:
On Thu, 2011-09-15 at 10:26 +0200, Adam Tkac wrote:
Your proposal seems fine to me. However I would recommend not to expose
routines for managing DNSSEC related records because DNSSEC is currently
not supported in bind-dyndb-ldap. This doesn't mean you should
remove code which handles those records, just don't expose them to
users, please. Routines can be reused in future, when we decide how to
handle DNSSEC in FreeIPA.
I checked the "dnsrecord-<rrtype>-add" list below and DNSSEC related
records are DS, KEY, NSEC, RRSIG, SIG.
Since we don't know how DNSSEC records will be handled, I would rather
not implement the methods now and then reimplement them.
When I was implementing DNS validators in patch 120 I noticed we provide
an API to add many RR types that are not supported via bind-dyndb-ldap at
all. Any attempt to add them ends with missing LDAP schema attribute
Since the new API is targeted for new FreeIPA major release I wouldn't
be afraid to remove all these RR types from our API (they don't work
This applies to these RR types: APL, DHCID, DLV, DNSKEY, HIP, IPSECKEY,
NSEC3, NSEC3PARAM, RP, TA, TKEY, TSIG.
IMO, we should then add there RR types _only_ when they are supported by
Ack, this is the best for now.
Freeipa-devel mailing list