On Thu, Feb 07, 2013 at 01:57:18PM +0100, Petr Spacek wrote: > On 7.2.2013 13:38, Sumit Bose wrote: > >On Wed, Feb 06, 2013 at 06:27:26PM +0100, Ana Krivokapic wrote: > >>Hello, > >> > >>Below is a design page for ticket: > >>https://fedorahosted.org/freeipa/ticket/2945. > >> > >>There are a couple of questions in the text. > > > >about 'Do we also need to check if the domain is accessible through > >DNS?' I think it would be good to print a warning that no SOA or NS > >record was found for the domain. But I think there might be cases where > >the domain is added to the realmdomains first and then the DNS zone is > >created. So my suggestion would be either > >- not fail and print a warning or > >- fail but allow to skip the check with a --force option. > +1 for --force option > > I added questions about interaction with "ipa dnszone-add" to design document: > http://www.freeipa.org/page/V3/Realm_Domains > > Should dnszone-del delete associatedDomain when whole DNS zone is being > deleted?
I think no, because the related host and service objects will still be available. E.g. the zone will be deleted because it will be managed by a different DNS server of the hosts are still in IPA. > > Should dnszone-add offer an option to create associatedDomain > attribute for the new zone? yes, that would be useful. Although I think the hook suggested by Ana during 'ipa host-add' is good, because at this stage the domain is really used in the sense that there is a Kerberos principal with the domain in it. bye, Sumit > > Petr^2 Spacek > > >I think you should discuss in 'Updates and Upgrades' if and how cn=Realm > >Domains,cn=ipa,cn=etc,$SUFFIX is created during updates. > > > >bye, > >Sumit > >> > >>Thoughts, comments welcome! > >> > >>http://www.freeipa.org/page/V3/Realm_Domains > > -- > Petr^2 Spacek > > _______________________________________________ > Freeipa-devel mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/freeipa-devel _______________________________________________ Freeipa-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-devel
