The FreeIPA team is proud to announce bind-dyndb-ldap version 4.1.

It can be downloaded from

The new version has also been built for Fedora 20 and is on its way to updates-testing:

This release *requires an LDAP server with support for RFC 4533* (aka SyncRepl) and contains other significant changes.

Please read all the following text! :-)

== Changes in 4.0 and 4.1 ==
[1] Persistent search and zone refresh were replaced by RFC 4533 (SyncRepl).
    Options zone_refresh, cache_ttl and psearch were removed.
    LDAP attributes idnsZoneRefresh and idnsPersistentSearch were removed.

[2] Internal database was re-factored and replaced by RBT DB from BIND 9.
    As a result, read-query performance is nearly same as with plain BIND.
    Wildcard records are supported and queries for non-existing records
    do not impose additional load on LDAP server.

[3] Plug-in creates journal file for each DNS zone in LDAP. This allows us
    to support IXFR. Working directory has to be writable by named,
    please see README - configuration option "directory".

[4] SOA serial auto-increment feature is now mandatory. The plugin has to have
    write access to LDAP.
    (Proper SOA serial maintenance is required for journaling.)

[5] Data are not served to clients until initial synchronization with LDAP
    is finished. All queries are answered with NXDOMAIN during synchronization.

[6] Crash caused by invalid SOA record was fixed.

[7] Empty instance names (specified by "dynamic-db" directive) were disallowed.

[8] Typo in LDAP schema was fixed.

[9] Minor bugs in error handling found by static code analyzers were fixed.

== Known problems and limitations ==
[1] LDAP MODRDN (rename) is not supported at the moment.

[2] Zones enabled at run-time are not loaded properly.
    You have to restart BIND after changing idnsZoneActive attribute to TRUE.

[3] Zones and records deleted when connection to LDAP is down are not
    refreshed properly after re-connection.
    You have to restart BIND to restore consistency.

== Upgrading ==
A server can be upgraded by installing updated RPM. BIND has to be restarted manually after the RPM installation.

*Make sure that BIND can write to working directory as described in README* before you restart BIND.

You will need to clean up configuration file /etc/named.conf if your configuration contains typos or other unsupported options.

Downgrading back to any 3.x version is supported as long as record types not supported by old version are not utilized.

== Feedback ==
Please provide comments, report bugs and send any other feedback via the freeipa-users mailing list:

Petr Spacek
Software engineer
Red Hat
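
A pre-restart check for the upgrade steps above, as an added example that is not part of the original announcement or of bind-dyndb-ldap: it flags the removed options (change [1]), an empty instance name (change [7]) and a working directory that is not writable. It assumes plugin options are written as arg "name value"; inside dynamic-db blocks and that the working directory is the "directory" statement in named.conf; the sample configuration is constructed.

```python
import os
import re

# Options the announcement lists as removed in 4.0/4.1 (change [1]).
REMOVED_OPTIONS = {"zone_refresh", "cache_ttl", "psearch"}

# A quoted string or a comment; strings are kept so "ldap://" survives.
TOKEN_RE = re.compile(r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
DYNDB_RE = re.compile(r'dynamic-db\s+"([^"]*)"\s*\{(.*?)\}\s*;', re.S)
ARG_RE = re.compile(r'\barg\s+"\s*([^\s"]+)[^"]*"\s*;')
DIRECTORY_RE = re.compile(r'\bdirectory\s+"([^"]+)"\s*;')

# Constructed sample, not taken from a real deployment.
SAMPLE = '''
options {
    directory "/var/named";  // has to be writable by named (change [3])
};
dynamic-db "ipa" {
    library "ldap.so";
    arg "uri ldap://ldap.example.test";
    arg "base cn=dns,dc=example,dc=test";
    arg "psearch yes";
    arg "zone_refresh 0";
    # arg "cache_ttl 120";
};
'''

def strip_comments(text):
    """Drop /* */, // and # comments that are outside quoted strings."""
    keep = lambda m: m.group(0) if m.group(0).startswith('"') else ""
    return TOKEN_RE.sub(keep, text)

def check_named_conf(text):
    """Return findings for a named.conf that is about to run under 4.x."""
    text = strip_comments(text)
    findings = []
    for name, body in DYNDB_RE.findall(text):
        if not name.strip():
            findings.append("dynamic-db: empty instance name is disallowed")
        for opt in ARG_RE.findall(body):
            if opt in REMOVED_OPTIONS:
                findings.append(f'dynamic-db "{name}": option {opt} was removed in 4.x')
    m = DIRECTORY_RE.search(text)
    if m is None:
        findings.append('no "directory" statement found; see README')
    elif not os.access(m.group(1), os.W_OK):
        # Checked for the invoking user: run this as the account named uses.
        findings.append(f"directory {m.group(1)}: not writable by current user")
    return findings

if __name__ == "__main__":
    print("\n".join(check_named_conf(SAMPLE)))
```

Run it as the account BIND runs under, otherwise the writability result describes the wrong user.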
