On 8.1.2016 18:14, Martin Basti wrote:
> 
> 
> On 08.01.2016 16:57, Petr Spacek wrote:
>> Hello,
>>
>> recent improvements in FreeIPA 4.3.0 (finally) prevent FreeIPA installer from
>> creating made-up DNS reverse zones, which already exist on some other DNS
>> server.
>>
>> This change uncovered a well-hidden automatic empty zones in BIND 9.9+, which
>> is now causing problem to users.
>>
>> It seems that this can be fixed by change to the code which handles forward
>> DNS zones. Short design document with necessary background is available on:
>> https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/AutomaticEmptyZones
>>
>> Please be so kind and review it ASAP, so I can write the patch quickly and
>> make life of our QE guys easier.
>>
>> Have a nice Friday.
>>
> Hello,
> 
> IIUC, the differences between default bind behaviour and bind-dyndb-ldap
> behaviour are:
> 
> * disable automatic empty zone when policy is 'first' or 'only', instead of
> just 'only'
> I liked it more than default behaviour of named, but could be this somehow
> unexpected by users, or they will be happy that it works better (?) than in
> named?

I hope users will appreciate it :-)

> 
> * bind-dyndb-ldap will not recreate automate empty zone
> IMO this should not harm at all
> 
> so design LGTM, I will thinking about it over this weekend

Did you find any problem?


Petr^2 Spacek

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to