On 19.02.2016 09:11, Petr Spacek wrote:
On 12.1.2016 15:10, Martin Basti wrote:

On 12.01.2016 15:06, Petr Spacek wrote:
On 8.1.2016 18:14, Martin Basti wrote:
On 08.01.2016 16:57, Petr Spacek wrote:
Hello,

recent improvements in FreeIPA 4.3.0 (finally) prevent FreeIPA installer from
creating made-up DNS reverse zones, which already exist on some other DNS
server.

This change uncovered a well-hidden automatic empty zones in BIND 9.9+, which
is now causing problem to users.

It seems that this can be fixed by change to the code which handles forward
DNS zones. Short design document with necessary background is available on:
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/AutomaticEmptyZones


Please be so kind and review it ASAP, so I can write the patch quickly and
make life of our QE guys easier.

Have a nice Friday.

Hello,

IIUC, the differences between default bind behaviour and bind-dyndb-ldap
behaviour are:

* disable automatic empty zone when policy is 'first' or 'only', instead of
just 'only'
I liked it more than default behaviour of named, but could be this somehow
unexpected by users, or they will be happy that it works better (?) than in
named?
I hope users will appreciate it :-)

* bind-dyndb-ldap will not recreate automate empty zone
IMO this should not harm at all

so design LGTM, I will thinking about it over this weekend
Did you find any problem?


Petr^2 Spacek
My mind did not pop out any issue during weekend.
It should work :)
I was discussing this further with BIND upstream and Mark Andrews do not like
it. IMHO we should respect his opinion and do that same what BIND 9.11 is
going to do.

For this reason I've updated design page
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/AutomaticEmptyZones
with the new approach.

Please review it again. It contains new sections Configuration and Upgrade.

Thank you!

If bind wants to have it in this way, LGTM.

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to