On 03/12/2012 07:10 PM, Rob Crittenden wrote:
Martin Kosek wrote:
On Thu, 2012-03-01 at 13:19 +0100, Martin Kosek wrote:
These 2 patches change the DNS API to support the last missing bits in
new bind-dyndb-ldap:

1) Both global and per-zone forwarders now support a conditional custom
port (with format "IP_ADDRESS PORT")
2) Missing global configuration options have been added:
* idnsforwardpolicy: Default policy for conditional forwarding
* idnsallowsyncptr: Allow globally PTR synchronization for dynamic
updates
* idnszonerefresh: Default interval between regular polls of the
name server for new DNS zones

Before these patches are pushed, I will just have to update the minimal
bind-dyndb-ldap version (it has not been built yet) which has full
support for these.

Martin

New version of bind-dyndb-ldap has been released, attaching a rebased
patch with fixed bind-dyndb-ldap version in spec file.

I also fixed the forwarder format, it should be "$IP port $PORT", not
"$IP $PORT" as it was in a previous version of the patch. I tested this
new format with bind-dyndb-ldap; it forwards the queries properly.

Unfortunately, a fixed version of bind has not been released yet, i.e.
bind will crash if forwarders are defined both in named.conf and LDAP
global configuration (dnsconfig-mod).

Martin

The patch itself looks ok, just a couple of general concerns:

1. By default dnsconfig-show displays nothing. This is a little
disconcerting. I don't believe we show empty attributes anywhere else,
not sure if we should make an exception here or show some other message,
perhaps a varying summary?

2. I don't think there is a lot we can do but this still conflicts with
the file-based configuration. For example, someone can add a forwarder
and cause named to not restart the next time because there is also one
defined in named.conf. I'd almost prefer that one win rather than the
daemon not start at all. But for our purposes people may get confused
because they don't see the forwarders they configured at install time
and merely managing this list can break your name server at some
undetermined future point.

rob

This problem is in BZ https://bugzilla.redhat.com/show_bug.cgi?id=795414 .

Patch for this is ON_QA in RHEL6 and will be pushed to Fedora at some point this week. (Adam said this yesterday on IRC.)

Current solution prefers the value from LDAP over the local configuration.

Petr^2 Spacek
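A small checker for the two points raised in this thread, the "$IP port $PORT" forwarder format and the crash when forwarders are defined both in named.conf and in the LDAP global configuration. This is an added example, not code from the patch or from FreeIPA or bind-dyndb-ldap; the function names, the named.conf snippet and the forwarder values are constructed for illustration.

```python
import ipaddress
import re

DEFAULT_DNS_PORT = 53


def parse_forwarder(value):
    """Parse one forwarder in the "$IP port $PORT" form from the thread.
    The "port N" part is optional (default 53).  Returns (ip, port) as
    (str, int); raises ValueError on anything else, including the older
    "$IP $PORT" form.  Hypothetical helper, not FreeIPA's own validator."""
    parts = value.split()
    if len(parts) not in (1, 3) or (len(parts) == 3 and parts[1].lower() != "port"):
        raise ValueError("forwarder must be 'IP' or 'IP port PORT': %r" % value)
    try:
        ip = ipaddress.ip_address(parts[0])
    except ValueError as exc:
        raise ValueError("invalid forwarder address: %r" % parts[0]) from exc
    port = DEFAULT_DNS_PORT
    if len(parts) == 3:
        if not parts[2].isdigit() or not 1 <= int(parts[2]) <= 65535:
            raise ValueError("invalid forwarder port: %r" % parts[2])
        port = int(parts[2])
    return str(ip), port


def is_valid_forwarder(value):
    """True when parse_forwarder() accepts the value."""
    try:
        parse_forwarder(value)
        return True
    except ValueError:
        return False


# Simple scan for 'forwarders { ... };' blocks; entries use the same
# 'IP [port N]' syntax separated by semicolons.  Not a full named.conf parser
# (comments containing braces would confuse it).
_FORWARDERS_BLOCK = re.compile(r"forwarders\s*\{([^}]*)\}", re.IGNORECASE)


def check_forwarder_sources(named_conf_text, ldap_forwarders):
    """Return (local, remote, conflict): forwarders parsed from named.conf,
    forwarders parsed from the LDAP idnsForwarders values, and True when both
    sources define at least one, the situation the thread reports as crashing
    an unfixed named (regardless of whether the two lists overlap)."""
    local = [parse_forwarder(e.strip())
             for block in _FORWARDERS_BLOCK.findall(named_conf_text)
             for e in block.split(";") if e.strip()]
    remote = [parse_forwarder(v) for v in ldap_forwarders]
    return local, remote, bool(local and remote)


# Constructed sample input (documentation prefixes, not real servers).
SAMPLE_NAMED_CONF = 'options {\n  forwarders { 192.0.2.10; 2001:db8::53 port 5353; };\n};\n'
SAMPLE_LDAP_FORWARDERS = ["192.0.2.11 port 5353"]
```

Run `check_forwarder_sources(SAMPLE_NAMED_CONF, SAMPLE_LDAP_FORWARDERS)` before a dnsconfig-mod to see whether both sources already define forwarders.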

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
