On 11/01/2012 09:01 PM, Rob Crittenden wrote:
> Martin Kosek wrote:
>> bind-dyndb-ldap allows disabling global forwarder per-zone. This may
>> be useful in a scenario when we do not want requests to delegated
>> sub-zones (like sub.example.com. in zone example.com.) to be routed
>> through global forwarder.
>>
>> Few lines to help added to explain the feature to users too.
>>
>> https://fedorahosted.org/freeipa/ticket/3209
>>
> 
> Fix two minor problems and you have an ACK.
> 
> 1. It needs a minor rebase
> 2. The API needs to be updated
> 
> rob
> 

Fixed both. After a short discussion with Petr Spacek I also added a
possibility to set global dnsconfig to NONE.

On a different note, I discovered that global forwarders in
bind-dyndb-ldap/bind are actually broken with the referenced
bind-dyndb-ldap/bind version. Thus, we may want to bump the bind-dyndb-ldap
version in the spec once this is resolved. (This should not affect the diff
in dns.py in any way.)

Martin
From aa7451ad1a2c003791b7cc47972238b6f4e31186 Mon Sep 17 00:00:00 2001
From: Martin Kosek <mko...@redhat.com>
Date: Mon, 29 Oct 2012 09:15:08 +0100
Subject: [PATCH] Disable global forwarding per-zone

bind-dyndb-ldap allows disabling global forwarder per-zone. This may
be useful in a scenario when we do not want requests to delegated
sub-zones (like sub.example.com. in zone example.com.) to be routed
through global forwarder.

A few lines were added to the help to explain the feature to users as well.

https://fedorahosted.org/freeipa/ticket/3209
---
 API.txt               |  8 ++++----
 VERSION               |  2 +-
 freeipa.spec.in       |  6 +++++-
 ipalib/plugins/dns.py | 19 +++++++++++++++++--
 4 files changed, 27 insertions(+), 8 deletions(-)

diff --git a/API.txt b/API.txt
index 7bd046c8d504bb7e39059a4f2b6743c7c0b6d8ef..65f1be623129d36605e4a4b4fd5656637fe77699 100644
--- a/API.txt
+++ b/API.txt
@@ -620,7 +620,7 @@ output: Output('value', <type 'unicode'>, None)
 command: dnsconfig_mod
 args: 0,11,3
 option: Str('idnsforwarders', attribute=True, autofill=False, cli_name='forwarder', csv=True, multivalue=True, required=False)
-option: StrEnum('idnsforwardpolicy', attribute=True, autofill=False, cli_name='forward_policy', multivalue=False, required=False, values=(u'only', u'first'))
+option: StrEnum('idnsforwardpolicy', attribute=True, autofill=False, cli_name='forward_policy', multivalue=False, required=False, values=(u'only', u'first', u'NONE'))
 option: Bool('idnsallowsyncptr', attribute=True, autofill=False, cli_name='allow_sync_ptr', multivalue=False, required=False)
 option: Int('idnszonerefresh', attribute=True, autofill=False, cli_name='zone_refresh', minvalue=0, multivalue=False, required=False)
 option: Str('setattr*', cli_name='setattr', exclude='webui')
@@ -1026,7 +1026,7 @@ option: Bool('idnsallowdynupdate', attribute=True, autofill=True, cli_name='dyna
 option: Str('idnsallowquery', attribute=True, autofill=True, cli_name='allow_query', default=u'any;', multivalue=False, required=False)
 option: Str('idnsallowtransfer', attribute=True, autofill=True, cli_name='allow_transfer', default=u'none;', multivalue=False, required=False)
 option: Str('idnsforwarders', attribute=True, cli_name='forwarder', csv=True, multivalue=True, required=False)
-option: StrEnum('idnsforwardpolicy', attribute=True, cli_name='forward_policy', multivalue=False, required=False, values=(u'only', u'first'))
+option: StrEnum('idnsforwardpolicy', attribute=True, cli_name='forward_policy', multivalue=False, required=False, values=(u'only', u'first', u'NONE'))
 option: Bool('idnsallowsyncptr', attribute=True, cli_name='allow_sync_ptr', multivalue=False, required=False)
 option: Str('setattr*', cli_name='setattr', exclude='webui')
 option: Str('addattr*', cli_name='addattr', exclude='webui')
@@ -1083,7 +1083,7 @@ option: Bool('idnsallowdynupdate', attribute=True, autofill=False, cli_name='dyn
 option: Str('idnsallowquery', attribute=True, autofill=False, cli_name='allow_query', default=u'any;', multivalue=False, query=True, required=False)
 option: Str('idnsallowtransfer', attribute=True, autofill=False, cli_name='allow_transfer', default=u'none;', multivalue=False, query=True, required=False)
 option: Str('idnsforwarders', attribute=True, autofill=False, cli_name='forwarder', csv=True, multivalue=True, query=True, required=False)
-option: StrEnum('idnsforwardpolicy', attribute=True, autofill=False, cli_name='forward_policy', multivalue=False, query=True, required=False, values=(u'only', u'first'))
+option: StrEnum('idnsforwardpolicy', attribute=True, autofill=False, cli_name='forward_policy', multivalue=False, query=True, required=False, values=(u'only', u'first', u'NONE'))
 option: Bool('idnsallowsyncptr', attribute=True, autofill=False, cli_name='allow_sync_ptr', multivalue=False, query=True, required=False)
 option: Int('timelimit?', autofill=False, minvalue=0)
 option: Int('sizelimit?', autofill=False, minvalue=0)
@@ -1114,7 +1114,7 @@ option: Bool('idnsallowdynupdate', attribute=True, autofill=False, cli_name='dyn
 option: Str('idnsallowquery', attribute=True, autofill=False, cli_name='allow_query', default=u'any;', multivalue=False, required=False)
 option: Str('idnsallowtransfer', attribute=True, autofill=False, cli_name='allow_transfer', default=u'none;', multivalue=False, required=False)
 option: Str('idnsforwarders', attribute=True, autofill=False, cli_name='forwarder', csv=True, multivalue=True, required=False)
-option: StrEnum('idnsforwardpolicy', attribute=True, autofill=False, cli_name='forward_policy', multivalue=False, required=False, values=(u'only', u'first'))
+option: StrEnum('idnsforwardpolicy', attribute=True, autofill=False, cli_name='forward_policy', multivalue=False, required=False, values=(u'only', u'first', u'NONE'))
 option: Bool('idnsallowsyncptr', attribute=True, autofill=False, cli_name='allow_sync_ptr', multivalue=False, required=False)
 option: Str('setattr*', cli_name='setattr', exclude='webui')
 option: Str('addattr*', cli_name='addattr', exclude='webui')
diff --git a/VERSION b/VERSION
index 6e2696047dd0636ef3343b955e8cb7ae5b4acd0a..dd3bf28c6688524cbf65b1d467c3ee3d3611c318 100644
--- a/VERSION
+++ b/VERSION
@@ -79,4 +79,4 @@ IPA_DATA_VERSION=20100614120000
 #                                                      #
 ########################################################
 IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=44
+IPA_API_VERSION_MINOR=45
diff --git a/freeipa.spec.in b/freeipa.spec.in
index 90f78905a30ac3b0f0372a5a744d7669020a8df7..1089d6c9aca6e91bf69bb69a948b395661f3a196 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -181,7 +181,7 @@ Requires: policycoreutils >= %{POLICYCOREUTILSVER}
 # IPA but if it is configured we need a way to require versions
 # that work for us.
 %if 0%{?fedora} >= 18
-Conflicts: bind-dyndb-ldap < 1.1.0-0.16.rc1
+Conflicts: bind-dyndb-ldap < 2.1-1
 %else
 Conflicts: bind-dyndb-ldap < 1.1.0-0.12.rc1
 %endif
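Review bot: The `%else` branch still reads `Conflicts: bind-dyndb-ldap < 1.1.0-0.12.rc1`, so only Fedora 18 and later builds are guaranteed a plugin new enough for the per-zone disable. On other builds the API would presumably still accept `--forward-policy=NONE`, while an older bind-dyndb-ldap may not honor it (its behavior is not visible here), leaving an administrator who believes forwarding is off with queries still going to the global forwarder. Either raise the minimum in the `%else` branch too, or document the limit next to it with a comment such as `# forward policy NONE needs bind-dyndb-ldap >= 2.1-1`.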
@@ -829,6 +829,10 @@ fi
 %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt
 
 %changelog
+* Tue Oct 30 2012 Martin Kosek <mko...@redhat.com> - 3.0.99-3
+- Set min for bind-dyndb-ldap to 2.1-1 to pick up disabling global
+  forwarder per-zone
+
 * Fri Oct 26 2012 Sumit Bose <sb...@redhat.com> - 3.0.99-2
 - Restart httpd in post install of server-trust-ad
 
diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
index febd4d17c06e46291715d1ecdcded2d5bdea5aea..b2ac180f1af50a250ff8ed5b7ebb7f8387bce89d 100644
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@@ -183,6 +183,16 @@ EXAMPLES:
  Show records for resource www in zone example.com
    ipa dnsrecord-show example.com www
 
+ Delegate zone sub.example to another nameserver:
+   ipa dnsrecord-add example.com ns.sub --a-rec=10.0.100.5
+   ipa dnsrecord-add example.com sub --ns-rec=ns.sub.example.com.
+
+ If global forwarder is configured, all requests to sub.example.com will be
+ routed through the global forwarder. To change the behavior for example.com
+ zone only and forward the request directly to ns.sub.example.com., global
+ forwarding may be disabled per-zone:
+   ipa dnszone-mod example.com --forward-policy=NONE
+
  Forward all requests for the zone external.com to another nameserver using
  a "first" policy (it will send the queries to the selected forwarder and if
  not answered it will use global resolvers):
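Review bot: The new example heading names the delegated zone `sub.example`, while the commands and the paragraph below use `sub.example.com`; the heading should read `Delegate zone sub.example.com to another nameserver:`. The paragraph would also help operators more if it noted that, with the policy set to NONE, queries for this zone no longer pass through the global forwarder, so any filtering or logging done there does not see them. That consequence is inferred from the commit description and should be confirmed against bind-dyndb-ldap before it goes into the help. The enclosing docstring starts and ends outside the hunk.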
@@ -1685,7 +1695,10 @@ class dnszone(LDAPObject):
         StrEnum('idnsforwardpolicy?',
             cli_name='forward_policy',
             label=_('Forward policy'),
-            values=(u'only', u'first',),
+            doc=_('Per-zone conditional forwarding policy. Set to "NONE" to '
+                  'disable forwarding to global forwarder for this zone. In '
+                  'that case, conditional zone forwarders are disregarded.'),
+            values=(u'only', u'first', u'NONE'),
         ),
         Bool('idnsallowsyncptr?',
             cli_name='allow_sync_ptr',
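Review bot: The new `doc` states that conditional zone forwarders are disregarded under "NONE", but nothing in this hunk rejects or warns when `idnsforwarders` is set together with `idnsforwardpolicy=NONE`, so a zone can carry forwarders that silently have no effect. The `dnszone` class continues outside the hunk, so a callback there may already cover this; if not, a validation error or a message from `dnszone-add`/`dnszone-mod` would make the conflict visible. The same combination is possible in the `dnsconfig` hunk below, where global forwarders stay configured while the policy disables them. As a minimum, say so in the doc, e.g. `'Forwarders already set on the zone remain stored but are not used.'`.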
@@ -2848,7 +2861,9 @@ class dnsconfig(LDAPObject):
         StrEnum('idnsforwardpolicy?',
             cli_name='forward_policy',
             label=_('Forward policy'),
-            values=(u'only', u'first',),
+            doc=_('Global forwarding policy. Set to "NONE" to disable '
+                  'any configured global forwarders.'),
+            values=(u'only', u'first', u'NONE'),
         ),
         Bool('idnsallowsyncptr?',
             cli_name='allow_sync_ptr',
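Review bot: `u'NONE'` is the only upper-case member of `values=(u'only', u'first', u'NONE')`, here, in the `dnszone` hunk above and in the four API.txt entries. If `StrEnum` compares values case-sensitively, as the literal tuple suggests, `--forward-policy=none` would be rejected even though the other two values are lower-case, which is easy to get wrong on the command line. Unless bind-dyndb-ldap requires the upper-case spelling, `u'none'` would be consistent. Otherwise a comment next to the tuple, such as `# upper-case spelling required by bind-dyndb-ldap`, would explain the exception.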
-- 
1.7.11.7
