On Fri, 2011-12-09 at 12:33 +0200, Alexander Bokovoy wrote:
> On Fri, 09 Dec 2011, Martin Kosek wrote:
> > This is my idea of what could be done:
> > 1) Introduce a new objectClass "idnsConfigObject" which would hold all
> > bind-dyndb-ldap global settings attributes. I would add the following
> > attributes:
> >  * idnsAllowSyncPTR: global settings with semantics of sync_ptr in
> >    named.conf.
> >  * dnsForwardPolicy
> >  * idnsForwarders
> >  * idnsZoneRefresh (zone_refresh argument in named.conf)
> >  * idnsPersistentSearch (psearch argument in named.conf)
> >
> > 2) Create a config object in FreeIPA (in replicated space):
> > cn=dns,cn=etc,$SUFFIX
> >
> > 3) Add a support for this global settings object to bind-dyndb-ldap and
> > create a config option in named.conf pointing to the global config base
> > DN:
> > dynamic-db "ipa" {
> >     ...
> >     arg "config_base cn=dns,cn=etc,dc=example,dc=com";
> >     ...
> > };
> >
> > 4) Add API for global DNS config to FreeIPA server. Example commands:
> > $ ipa dnsconfig-show
> > $ ipa dnsconfig-mod --forwarders=10.0.0.1,10.0.0.2 --forward-policy=only
> I agree with the latter approach. Looks cleaner and also allows to
> properly handle replicated DNS setup.

Me too, except for the location of the configuration, I think it should
stay in the root node of the DNS data for simplicity.
But this is a very minor point.

Simo.

--
Simo Sorce * Red Hat, Inc * New York

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel