Martin Kosek wrote:
On Thu, 2012-03-01 at 13:19 +0100, Martin Kosek wrote:
These 2 patches changes the DNS API to support the last missing bits in
new bind-dyndb-ldap:

1) Both global and per-zone forwarders now support a conditional custom
port (with format "IP_ADDRESS PORT")
2) Missing global configuration options have been added:
  * idnsforwardpolicy: Default policy for conditional forwarding
  * idnsallowsyncptr: Allow globaly PTR synchronization for dynamic
  * idnszonerefresh: Default interval between regular polls of the
    name server for new DNS zones

Before these patches are pushed, I will just have to update the minimal
bind-dyndb-ldap version (it has not been built yet) which have a full
support for these.


New version of bind-dyndb-ldap has been released, attaching a rebased
patch with fixed bind-dyndb-ldap version in spec file.

I also fixed the forwarder format, it should be "$IP port $PORT", not
"$IP $PORT" as it was in a previous version of the patch. I tested this
new format with bind-dyndb-ldap it forwards the queries properly.

Unfortunately, fixed version of bind have not been released yet, i.e.
bind will crash if forwarders are defined both in named.conf and LDAP
global configuration (dnsconfig-mod).


The patch itself looks ok, just a couple of general concerns:

1. By default dnsconfig-show displays nothing. This is a little disconcerting. I don't believe we show empty attributes anywhere else, not sure if we should make an exception here or show some other message, perhaps a varying summary?

2. I don't think there is a lot we can do but this still conflicts with the file-based configuration. For example, someone can add a forwarder and caused named to not restart the next time because there is also one defined in named.conf. I'd almost prefer that one win rather than the daemon not start at all. But for our purposes people may get confused because they don't see the forwarders they configured at install time and merely managing this list can break your name server at some undetermined future point.


Freeipa-devel mailing list

Reply via email to