On 4/4/2012 5:36 AM, Petr Vobornik wrote:
DNS forward policy fields were using mutually exclusive checkboxes. Such
behavior is unusual for users.

Checkboxes were changed to radios with new option 'none/default' to set
empty value ''.

https://fedorahosted.org/freeipa/ticket/2599

Second patch removes mutex option from checkboxes. Not sure if needed.

Patch #118 might need some revision.

According to DNS docs the default forward policy is "first":

  forward is only relevant in conjunction with a valid forwarders
  statement. If set to 'only' the server will only forward queries,
  if set to 'first' (default) it will send the queries to the forwarder
  and if not answered will attempt to answer the query.

  http://www.zytrax.com/books/dns/ch7/queries.html

So there are actually only 2 possible policies: first and only. Ideally we should present 2 radio buttons:
* Forward first
* Forward only

However, in IPA the attribute is optional, so we have 3 ways to define the policy:
* Default
* Forward first
* Forward only

This is OK and will match the CLI (I can ACK this), but people might be asking 'What is the default policy?' and I'm not sure we document it clearly.

If we're sure IPA's default forwarding policy is equivalent to DNS default forwarding policy (i.e. first), the other alternative is to just present 2 options like this:
* Forward first (default)
* Forward only

When loading the data, if there's no policy defined the UI will select 'first' by default. When saving the data, the UI can either store the 'first' value or normalize it into empty value.

Another thing, let's not use 'none' because it could be interpreted as 'do not forward'.

Also, it would be better to use a long description like "Forward first" instead of just "first". In the DNS configuration it's meant to be read like the longer description:

  forward first;
  forward only;

In the current UI we have "Forward policy" label which doesn't go well with "first" or "only".

Patch #119 is ACKed, but feel free to keep the functionality if you think it could be useful someday.

--
Endi S. Dewata

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to