I have only a few nitpicks I didn't notice in the first round:

The original proposal contained also this header:
SUPPORTED ZONE TYPES
 * Master zone (dnszone-*) contains authoritative data.
 * Forward zone (dnsforwardzone-*) forwards queries to configured forwarders (a set of DNS servers).

I can't see it in the patch.

The rest of the nitpicks are in-line:

On 2.7.2014 15:17, Martin Basti wrote:
- If global forwarder is configured, all requests to sub.example.com will be
- routed through the global forwarder. To change the behavior for example.com
- zone only and forward the request directly to ns.sub.example.com., global
- forwarding may be disabled per-zone:
+ If a global forwarder is configured, all queries for which this server is not
+ authoritative (e.g. sub.example.com) will be routed to the global forwarder.
+ Global forwarding configuration can be overriden per-zone. To change behavior
+ for a particular zone you can specify forwarders and forward-policy per zone.

overriden => overridden (according to my spell checker :-)

Sentence "To change behavior for a particular zone you can specify forwarders and forward-policy per zone." seems redundant to me.

+ Semantics of forwarding in IPA matches BIND sematics and depends on type
+ of the zone:
+   * Master zone: local BIND replies authoritatively to queries for data in
+   the given zone (including authoritative NXDOMAIN answers) and forwarding
+   affects only queries for names bellow zone cuts (NS records) of locally
+   served zones.
+
+   * Forward zone: forward zone contains no authoritative data. BIND forwards
+   queries, which cannot be answered from its local cache, to configured
+   forwarders.
+
+ Semantics of the --forwarder-policy option:
+   * none - disable forwarding for the given zone.
+   * first - forward all queries to configured forwarders. If they  fail,
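Review bot: the heading "Semantics of the --forwarder-policy option" names an option that every command in this patch spells --forward-policy (for example "ipa dnszone-mod example.com --forward-policy=none"), so the heading should use the same spelling or a reader will try a flag the examples never show. In the same block, "sematics" should be "semantics", "Semantics ... matches" should be "match", and "names bellow zone cuts" should be "names below zone cuts".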
"  " should be replaced by " "

+   do resolution using DNS root servers.
+   * only - forward all queries to configured forwarders and if they fail,
+   return failure.
+
+ Disable global forwarding for given sub-tree:
     ipa dnszone-mod example.com --forward-policy=none

- Forward all requests for the zone external.com to another nameserver using
- a "first" policy (it will send the queries to the selected forwarder and if
- not answered it will use global resolvers):
-   ipa dnszone-add external.com
-   ipa dnszone-mod external.com --forwarder=203.0.113.1 \\
-                                --forward-policy=first
+ This configuration forwards all queries for names outside the example.com
+ sub-tree to global forwarders. Normal recursive resolution process is used
+ for names inside the example.com sub-tree (i.e. NS records are followed etc.).
+
+ Forward all requests for the zone external.example.com to another nameserver
nameserver => forwarder (to keep terminology consistent)

+ using a "first" policy (it will send the queries to the selected forwarder
+ and if not answered it will use global resolvers):
resolvers => root servers

+   ipa dnsforwardzone-add external.example.com --forward-policy=first \\
+                               --forwarder=203.0.113.1
+
+ Change forward-policy for external.example.com:
+   ipa dnsforwardzone-mod external.example.com --forward-policy=only
+
+ Show forward zone external.example.com:
+   ipa dnsforwardzone-show external.example.com
+
+ List all forward zones:
+   ipa dnsforwardzone-find
+
+ Delelete forward zone external.example.com:
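Review bot: the dnsforwardzone-add example creates external.example.com, a name inside example.com, which the other examples treat as a master zone on this server, without saying how the two interact. The master zone paragraph added earlier in this patch states that forwarding "affects only queries for names bellow zone cuts (NS records) of locally served zones", so the example should say whether example.com needs an NS record for external.example.com before the forward zone takes effect, or use a name outside example.com. The policy descriptions also state that "first" falls back to the DNS root servers while "only" returns failure, so a sentence next to the "Change forward-policy" example naming "only" as the setting for cases where queries must not go anywhere except the configured forwarder would help.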
Delelete => Delete (nice typo! :-))

+   ipa dnsforwardzone-del external.example.com

   Delete zone example.com with all resource records:
     ipa dnszone-del example.com
Is there a section with examples for master zones? Please move it there if the answer is yes, otherwise it can stay here.

--
Petr^2 Spacek

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
