On Tue, 2012-03-20 at 10:27 -0400, Rob Crittenden wrote:
> Martin Kosek wrote:
> > On Tue, 2012-03-13 at 10:54 +0100, Petr Spacek wrote:
> >> On 03/12/2012 07:10 PM, Rob Crittenden wrote:
> >>> Martin Kosek wrote:
> >>>> On Thu, 2012-03-01 at 13:19 +0100, Martin Kosek wrote:
> >>>>> These 2 patches change the DNS API to support the last missing bits in
> >>>>> new bind-dyndb-ldap:
> >>>>>
> >>>>> 1) Both global and per-zone forwarders now support a conditional custom
> >>>>> port (with format "IP_ADDRESS PORT")
> >>>>> 2) Missing global configuration options have been added:
> >>>>> * idnsforwardpolicy: Default policy for conditional forwarding
> >>>>> * idnsallowsyncptr: Allow globally PTR synchronization for dynamic
> >>>>> updates
> >>>>> * idnszonerefresh: Default interval between regular polls of the
> >>>>> name server for new DNS zones
> >>>>>
> >>>>> Before these patches are pushed, I will just have to update the minimal
> >>>>> bind-dyndb-ldap version (it has not been built yet) which has full
> >>>>> support for these.
> >>>>>
> >>>>> Martin
> >>>>
> >>>> New version of bind-dyndb-ldap has been released, attaching a rebased
> >>>> patch with fixed bind-dyndb-ldap version in spec file.
> >>>>
> >>>> I also fixed the forwarder format, it should be "$IP port $PORT", not
> >>>> "$IP $PORT" as it was in a previous version of the patch. I tested this
> >>>> new format with bind-dyndb-ldap; it forwards the queries properly.
> >>>>
> >>>> Unfortunately, the fixed version of bind has not been released yet, i.e.
> >>>> bind will crash if forwarders are defined both in named.conf and LDAP
> >>>> global configuration (dnsconfig-mod).
> >>>>
> >>>> Martin
> >>>
> >>> The patch itself looks ok, just a couple of general concerns:
> >>>
> >>> 1. By default dnsconfig-show displays nothing. This is a little
> >>> disconcerting. I don't believe we show empty attributes anywhere else,
> >>> not sure if we should make an exception here or show some other message,
> >>> perhaps a varying summary?
> >>>
> >>> 2. I don't think there is a lot we can do but this still conflicts with
> >>> the file-based configuration. For example, someone can add a forwarder
> >>> and cause named to not restart the next time because there is also one
> >>> defined in named.conf. I'd almost prefer that one win rather than the
> >>> daemon not start at all. But for our purposes people may get confused
> >>> because they don't see the forwarders they configured at install time
> >>> and merely managing this list can break your name server at some
> >>> undetermined future point.
> >>>
> >>> rob
> >>
> >> This problem is in BZ https://bugzilla.redhat.com/show_bug.cgi?id=795414 .
> >>
> >> Patch for this is ON_QA in RHEL6 and will be pushed to Fedora at some
> >> point this week. (This Adam said yesterday on IRC.)
> >>
> >> Current solution prefers value from LDAP before local configuration.
> >>
> >> Petr^2 Spacek
> >>
> >
> > The fix for this BZ has been backported to Fedora 16 and released to
> > updates-testing:
> > https://admin.fedoraproject.org/updates/FEDORA-2012-4091/bind-9.8.2-0.4.rc2.fc16
> >
> > Attaching a patch which properly forbids conflicts with older versions
> > of bind. The new bind should no longer crash when a configuration
> > option like forwarders is defined both in LDAP and named.conf.
> >
> > Martin
>
> ACK to both
>

Thanks. Pushed to master, ipa-2-2.

Martin

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
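Two points in the thread lend themselves to a mechanical check: the forwarder format the patch settled on ("$IP port $PORT", which is also the form BIND's own `forwarders { ... };` block uses) and the conflict Rob raises when forwarders are defined both in named.conf and in the LDAP global configuration, where the fixed bind lets the LDAP value win. The following Python is an added example, not code from the thread, from FreeIPA or from bind-dyndb-ldap; the named.conf fragment and the LDAP forwarder list are constructed samples, and the helper names are assumptions.

```python
import ipaddress
import re

DEFAULT_DNS_PORT = 53  # port used when a forwarder spec carries no explicit port


def parse_forwarder(spec):
    """Parse one forwarder in the "IP port PORT" form (or a bare "IP").

    Returns (address, port). Raises ValueError for the older "IP PORT"
    form and for anything that is not a valid IP address or port.
    """
    parts = spec.split()
    if len(parts) == 1:
        addr_text, port_text = parts[0], str(DEFAULT_DNS_PORT)
    elif len(parts) == 3 and parts[1].lower() == "port":
        addr_text, port_text = parts[0], parts[2]
    else:
        raise ValueError(
            "invalid forwarder %r: expected 'IP' or 'IP port PORT'" % spec)
    # ipaddress accepts IPv4 and IPv6 literals and rejects anything else
    address = ipaddress.ip_address(addr_text)
    if not port_text.isdigit() or not 1 <= int(port_text) <= 65535:
        raise ValueError("invalid port %r in forwarder %r" % (port_text, spec))
    return str(address), int(port_text)


def forwarders_from_named_conf(text):
    """Collect the forwarders listed in a named.conf `forwarders { ... };` block.

    Assumption (this example only): a single block, no nested braces,
    and only '//' line comments, which are dropped before matching.
    """
    stripped = "\n".join(line.split("//", 1)[0] for line in text.splitlines())
    match = re.search(r"forwarders\s*\{([^}]*)\}", stripped)
    if match is None:
        return []
    entries = [e.strip() for e in match.group(1).split(";") if e.strip()]
    return [parse_forwarder(e) for e in entries]


def check_forwarder_sources(ldap_specs, named_conf_text):
    """Report whether forwarders are defined in both LDAP and named.conf.

    Follows the rule stated in the thread: the LDAP value is preferred over
    the local file, and defining the option in both places is a conflict
    worth flagging before named is restarted.
    """
    ldap_forwarders = [parse_forwarder(s) for s in ldap_specs]
    file_forwarders = forwarders_from_named_conf(named_conf_text)
    conflict = bool(ldap_forwarders) and bool(file_forwarders)
    return {
        "ldap": ldap_forwarders,
        "named_conf": file_forwarders,
        "conflict": conflict,
        "effective": ldap_forwarders if ldap_forwarders else file_forwarders,
    }


# Constructed sample named.conf fragment (not taken from the thread)
SAMPLE_NAMED_CONF = """
options {
    directory "/var/named";
    forward first;
    forwarders {
        192.0.2.1;            // plain entry, port 53 implied
        192.0.2.2 port 5353;  // explicit port
    };
};
"""

# Constructed sample of the values dnsconfig-mod would store in LDAP
SAMPLE_LDAP_FORWARDERS = ["2001:db8::53", "198.51.100.7 port 5353"]


if __name__ == "__main__":
    report = check_forwarder_sources(SAMPLE_LDAP_FORWARDERS, SAMPLE_NAMED_CONF)
    for key, value in report.items():
        print("%-10s %s" % (key, value))
```

Run as a script it prints both forwarder lists, `conflict True`, and the LDAP list as the effective configuration; an operator can run the same check with an empty LDAP list to confirm the file-only case reports no conflict.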