On 11/02/2012 10:51 AM, Jan Cholasta wrote:
> Hi,
> 
> On 2.11.2012 09:12, Martin Kosek wrote:
>> On 11/01/2012 09:01 PM, Rob Crittenden wrote:
>>> Martin Kosek wrote:
>>>> bind-dyndb-ldap allows disabling global forwarder per-zone. This may
>>>> be useful in a scenario when we do not want requests to delegated
>>>> sub-zones (like sub.example.com. in zone example.com.) to be routed
>>>> through global forwarder.
>>>>
>>>> Few lines to help added to explain the feature to users too.
>>>>
>>>> https://fedorahosted.org/freeipa/ticket/3209
>>>>
>>>
>>> Fix two minor problems and you have an ACK.
>>>
>>> 1. It needs a minor rebase
>>> 2. The API needs to be updated
>>>
>>> rob
>>>
>>
>> Fixed both. After a short discussion with Petr Spacek I also added a
>> possibility to set global dnsconfig to NONE.
>>
>> On a different note, I discovered that global forwarders in
>> bind-dyndb-ldap/bind are actually broken with referred bind-dyndb-ldap/bind
>> version. Thus, we may want to bump bind-dyndb-ldap version in spec when this is
>> resolved. (This should not affect diff in dns.py in any way).
>>
>> Martin
>>
> 
> This might be a stupid question, but why is "NONE" in upper case and the rest
> of the values in lower case?
> 
> Honza
> 

This really doesn't matter function-wise, as bind-dyndb-ldap does the
comparison in a case-insensitive way. My original intention was to be consistent
with other NONE values we use across IPA and to distinguish the value from
valid BIND values.

But you are right that within dns plugin it makes more sense to have it all
lowercase.

Updated patch attached.

Martin
From ad42e297eb98f915d3197affe439b5ed9f789d4c Mon Sep 17 00:00:00 2001
From: Martin Kosek <mko...@redhat.com>
Date: Mon, 29 Oct 2012 09:15:08 +0100
Subject: [PATCH] Disable global forwarding per-zone

bind-dyndb-ldap allows disabling global forwarder per-zone. This may
be useful in a scenario when we do not want requests to delegated
sub-zones (like sub.example.com. in zone example.com.) to be routed
through global forwarder.

Few lines to help added to explain the feature to users too.

https://fedorahosted.org/freeipa/ticket/3209
---
 API.txt               |  8 ++++----
 VERSION               |  2 +-
 freeipa.spec.in       |  6 +++++-
 ipalib/plugins/dns.py | 19 +++++++++++++++++--
 4 files changed, 27 insertions(+), 8 deletions(-)

diff --git a/API.txt b/API.txt
index 7bd046c8d504bb7e39059a4f2b6743c7c0b6d8ef..1808016f61ab1005cb1f8419567eb2ef693fcf82 100644
--- a/API.txt
+++ b/API.txt
@@ -620,7 +620,7 @@ output: Output('value', <type 'unicode'>, None)
 command: dnsconfig_mod
 args: 0,11,3
 option: Str('idnsforwarders', attribute=True, autofill=False, cli_name='forwarder', csv=True, multivalue=True, required=False)
-option: StrEnum('idnsforwardpolicy', attribute=True, autofill=False, cli_name='forward_policy', multivalue=False, required=False, values=(u'only', u'first'))
+option: StrEnum('idnsforwardpolicy', attribute=True, autofill=False, cli_name='forward_policy', multivalue=False, required=False, values=(u'only', u'first', u'none'))
 option: Bool('idnsallowsyncptr', attribute=True, autofill=False, cli_name='allow_sync_ptr', multivalue=False, required=False)
 option: Int('idnszonerefresh', attribute=True, autofill=False, cli_name='zone_refresh', minvalue=0, multivalue=False, required=False)
 option: Str('setattr*', cli_name='setattr', exclude='webui')
@@ -1026,7 +1026,7 @@ option: Bool('idnsallowdynupdate', attribute=True, autofill=True, cli_name='dyna
 option: Str('idnsallowquery', attribute=True, autofill=True, cli_name='allow_query', default=u'any;', multivalue=False, required=False)
 option: Str('idnsallowtransfer', attribute=True, autofill=True, cli_name='allow_transfer', default=u'none;', multivalue=False, required=False)
 option: Str('idnsforwarders', attribute=True, cli_name='forwarder', csv=True, multivalue=True, required=False)
-option: StrEnum('idnsforwardpolicy', attribute=True, cli_name='forward_policy', multivalue=False, required=False, values=(u'only', u'first'))
+option: StrEnum('idnsforwardpolicy', attribute=True, cli_name='forward_policy', multivalue=False, required=False, values=(u'only', u'first', u'none'))
 option: Bool('idnsallowsyncptr', attribute=True, cli_name='allow_sync_ptr', multivalue=False, required=False)
 option: Str('setattr*', cli_name='setattr', exclude='webui')
 option: Str('addattr*', cli_name='addattr', exclude='webui')
@@ -1083,7 +1083,7 @@ option: Bool('idnsallowdynupdate', attribute=True, autofill=False, cli_name='dyn
 option: Str('idnsallowquery', attribute=True, autofill=False, cli_name='allow_query', default=u'any;', multivalue=False, query=True, required=False)
 option: Str('idnsallowtransfer', attribute=True, autofill=False, cli_name='allow_transfer', default=u'none;', multivalue=False, query=True, required=False)
 option: Str('idnsforwarders', attribute=True, autofill=False, cli_name='forwarder', csv=True, multivalue=True, query=True, required=False)
-option: StrEnum('idnsforwardpolicy', attribute=True, autofill=False, cli_name='forward_policy', multivalue=False, query=True, required=False, values=(u'only', u'first'))
+option: StrEnum('idnsforwardpolicy', attribute=True, autofill=False, cli_name='forward_policy', multivalue=False, query=True, required=False, values=(u'only', u'first', u'none'))
 option: Bool('idnsallowsyncptr', attribute=True, autofill=False, cli_name='allow_sync_ptr', multivalue=False, query=True, required=False)
 option: Int('timelimit?', autofill=False, minvalue=0)
 option: Int('sizelimit?', autofill=False, minvalue=0)
@@ -1114,7 +1114,7 @@ option: Bool('idnsallowdynupdate', attribute=True, autofill=False, cli_name='dyn
 option: Str('idnsallowquery', attribute=True, autofill=False, cli_name='allow_query', default=u'any;', multivalue=False, required=False)
 option: Str('idnsallowtransfer', attribute=True, autofill=False, cli_name='allow_transfer', default=u'none;', multivalue=False, required=False)
 option: Str('idnsforwarders', attribute=True, autofill=False, cli_name='forwarder', csv=True, multivalue=True, required=False)
-option: StrEnum('idnsforwardpolicy', attribute=True, autofill=False, cli_name='forward_policy', multivalue=False, required=False, values=(u'only', u'first'))
+option: StrEnum('idnsforwardpolicy', attribute=True, autofill=False, cli_name='forward_policy', multivalue=False, required=False, values=(u'only', u'first', u'none'))
 option: Bool('idnsallowsyncptr', attribute=True, autofill=False, cli_name='allow_sync_ptr', multivalue=False, required=False)
 option: Str('setattr*', cli_name='setattr', exclude='webui')
 option: Str('addattr*', cli_name='addattr', exclude='webui')
diff --git a/VERSION b/VERSION
index 6e2696047dd0636ef3343b955e8cb7ae5b4acd0a..dd3bf28c6688524cbf65b1d467c3ee3d3611c318 100644
--- a/VERSION
+++ b/VERSION
@@ -79,4 +79,4 @@ IPA_DATA_VERSION=20100614120000
 #                                                      #
 ########################################################
 IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=44
+IPA_API_VERSION_MINOR=45
diff --git a/freeipa.spec.in b/freeipa.spec.in
index 90f78905a30ac3b0f0372a5a744d7669020a8df7..1089d6c9aca6e91bf69bb69a948b395661f3a196 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -181,7 +181,7 @@ Requires: policycoreutils >= %{POLICYCOREUTILSVER}
 # IPA but if it is configured we need a way to require versions
 # that work for us.
 %if 0%{?fedora} >= 18
-Conflicts: bind-dyndb-ldap < 1.1.0-0.16.rc1
+Conflicts: bind-dyndb-ldap < 2.1-1
 %else
 Conflicts: bind-dyndb-ldap < 1.1.0-0.12.rc1
 %endif
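Review bot: the minimum version is raised only in the %if 0%{?fedora} >= 18 branch; the %else branch still reads "Conflicts: bind-dyndb-ldap < 1.1.0-0.12.rc1", so on those builds the plugin accepts --forward-policy=none while a bind-dyndb-ldap older than 2.1-1 is still allowed to be installed. Either raise the %else bound as well, or say in the changelog entry that the new policy value is only backed by the package requirement on Fedora 18 and later.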
@@ -829,6 +829,10 @@ fi
 %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt
 
 %changelog
+* Tue Oct 30 2012 Martin Kosek <mko...@redhat.com> - 3.0.99-3
+- Set min for bind-dyndb-ldap to 2.1-1 to pick up disabling global
+  forwarder per-zone
+
 * Fri Oct 26 2012 Sumit Bose <sb...@redhat.com> - 3.0.99-2
 - Restart httpd in post install of server-trust-ad
 
diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
index febd4d17c06e46291715d1ecdcded2d5bdea5aea..5346b393f8a4dc671152c4bb804b623ca3bccd26 100644
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@@ -183,6 +183,16 @@ EXAMPLES:
  Show records for resource www in zone example.com
    ipa dnsrecord-show example.com www
 
+ Delegate zone sub.example to another nameserver:
+   ipa dnsrecord-add example.com ns.sub --a-rec=10.0.100.5
+   ipa dnsrecord-add example.com sub --ns-rec=ns.sub.example.com.
+
+ If global forwarder is configured, all requests to sub.example.com will be
+ routed through the global forwarder. To change the behavior for example.com
+ zone only and forward the request directly to ns.sub.example.com., global
+ forwarding may be disabled per-zone:
+   ipa dnszone-mod example.com --forward-policy=none
+
  Forward all requests for the zone external.com to another nameserver using
  a "first" policy (it will send the queries to the selected forwarder and if
  not answered it will use global resolvers):
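Review bot: the new example heading says "Delegate zone sub.example" while both commands and the paragraph that follows use sub.example.com; write the full name in the heading so the example is consistent. It would also help to say in one sentence that the ns.sub A record is added so the delegated nameserver's address can be resolved from the parent zone, since the text gives the two commands without explaining why both are needed.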
@@ -1685,7 +1695,10 @@ class dnszone(LDAPObject):
         StrEnum('idnsforwardpolicy?',
             cli_name='forward_policy',
             label=_('Forward policy'),
-            values=(u'only', u'first',),
+            doc=_('Per-zone conditional forwarding policy. Set to "none" to '
+                  'disable forwarding to global forwarder for this zone. In '
+                  'that case, conditional zone forwarders are disregarded.'),
+            values=(u'only', u'first', u'none'),
         ),
         Bool('idnsallowsyncptr?',
             cli_name='allow_sync_ptr',
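Review bot: the new doc string on dnszone's idnsforwardpolicy states that with "none" the "conditional zone forwarders are disregarded", but nothing in this hunk warns or rejects when a zone has idnsforwarders set together with forward_policy=none, so a configured forwarder can be ignored without the administrator noticing. Consider a validation or a warning for that combination, and let the doc string also say what "only" and "first" do, since it now describes just one of the three accepted values.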
@@ -2848,7 +2861,9 @@ class dnsconfig(LDAPObject):
         StrEnum('idnsforwardpolicy?',
             cli_name='forward_policy',
             label=_('Forward policy'),
-            values=(u'only', u'first',),
+            doc=_('Global forwarding policy. Set to "none" to disable '
+                  'any configured global forwarders.'),
+            values=(u'only', u'first', u'none'),
         ),
         Bool('idnsallowsyncptr?',
             cli_name='allow_sync_ptr',
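Review bot: the new u'none' value on dnsconfig's idnsforwardpolicy comes without test coverage; the diffstat lists only API.txt, VERSION, freeipa.spec.in and ipalib/plugins/dns.py. Please add cases that set the policy to none through dnsconfig-mod and dnszone-mod and check the stored value. As a smaller style point, the tuple (u'only', u'first', u'none') is now repeated in dnszone and dnsconfig; a shared module-level constant would keep the two from drifting apart.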
-- 
1.7.11.7
