The FreeIPA team is proud to announce bind-dyndb-ldap version 5.3.

It can be downloaded from

The new version has also been built for Fedora 21+ and and is on its way to updates-testing:

This version is also available from FreeIPA COPR repo:

[1] Internal locking was reworked to prevent crashes and deadlocks.

[1] Kerberos ticket expiration is now handled correctly.

[2] BIND no longer crashes after removing root zone from LDAP.

[3] Root zone handling was fixed to prevent accidental child zone removal.

[4] Temporary files for idnsZone objects are now inside master/ subdirectory.

[5] Temporary directories are created with ug=rwx,o= permissions to enable
    POSIX ACL usage.

[6] Naming rules for working directories have changed: See README section 6.

[7] Documentation clearly states that idnsZoneActive attribute is not supported.

== Upgrading ==
A server can be upgraded by installing updated RPM. BIND has to be restarted manually after the RPM installation.

!!! CAUTION !!!
idnsZone object class changed it's semantics in version 5.0. Please read
and update idnsForwarders and idnsForward policy attributes in your DNS zones accordingly.

Transition from idnsZone to idnsForwardZone object class can be made seamless if you change data in LDAP before you upgrade to version 5.x. All bind-dyndb-ldap versions >= 3.0 support the idnsForwardZone object class.

Users of FreeIPA < 4.0 should be careful when upgrading bind-dyndb-ldap to version >= 5.0 (if they do not upgrade to FreeIPA 4.x at the same time).

Configuration semantics related to conditional (per-zone) forwarding has changed and FreeIPA < 4.0 doesn't have appropriate user interface and API.

It is safe to upgrade if you use *only* global forwarders (shown by 'ipa dnsconfig-show') and *do not* use per-zone forwarders (shown by 'ipa dnszone-show').

Don't hesitate to ask freeipa-users mailing list if you need help with upgrade.
!!! CAUTION !!!

Downgrading back to any 4.x version is supported.

== Feedback ==
Please provide comments, report bugs and send any other feedback via the freeipa-users mailing list:

Petr^2 Spacek

Freeipa-interest mailing list

Reply via email to