On 07/04/2012 04:03 AM, Josh Becigneul wrote:
> I'd like to get some opinions on using the DNS component of freeIPA to manage
> dns zones not necessarily associated with the freeIPA realm.
> My thinking is to use it as a hidden master to a pre-existing group of
> authoritative systems, so one thing I'm curious about is: is there a
> theoretical (or real) limit on the number of zones it can handle? Is there a
> limit to the number of records in a zone?

There are no built-in limits. Records are internally stored in a Red-Black tree
(in a similar way as BIND does it), so memory should be the only limiting factor.

> I would think that this may depend
> on the performance of the 389 directory service.

It depends. The bind-dyndb-ldap plugin (BIND<->LDAP interface) can work in two
modes - normal and persistent search.

In "normal mode" (i.e. with persistent search disabled) each record is loaded
from DS on demand - if some client asks for it. In this case DS performance
can be the limiting factor. (The plugin has a built-in cache; the cache TTL can be
tweaked by the cache_ttl parameter in /etc/named.conf.)

In "persistent search mode" the whole database from DS is transferred to the
bind-dyndb-ldap cache and all searches are done inside local memory. It
consumes some memory, but this approach saves DS work.

Each change in DS is incrementally transferred to bind-dyndb-ldap, so all
changes should be visible immediately.

The current code doesn't contain a lot of performance optimizations, but nobody
has reported performance problems.

> Is it possible to import existing zones? Would this be possible with zone
> transfers or would we have to convert the zone files to an LDIF?

You need to convert existing zones to LDIF. We don't have a tool for this task,
please see ticket https://fedorahosted.org/bind-dyndb-ldap/ticket/76.

It should be relatively simple to write this tool (see comments in the ticket).
If you are going to write it, please consider contributing it back to upstream.

The current plugin doesn't have the full power of BIND. DNS views are not supported
and settings specific to zones are limited.

AXFR zone transfers are supported; the SOA serial number auto-incrementation
feature will be in the 3.0 release (it is not present in 3.0 beta 1).

Freeipa-users mailing list
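
A sketch of the zone-file-to-LDIF conversion discussed in the reply, added here as an example; it is not the tool from the ticket and not code from the bind-dyndb-ldap project. It assumes the attribute and object class names of the bind-dyndb-ldap schema as commonly deployed (verify against your version), a hypothetical DNS base DN, and a simplified input with one `owner IN type rdata` record per line (no TTLs, `$ORIGIN`, or multi-line records).

```python
import base64
from collections import OrderedDict
# Constructed sample zone: one "owner IN type rdata" record per line.
SAMPLE_ZONE = """\
@    IN SOA ns1.example.test. hostmaster.example.test. 2012070401 3600 900 1209600 3600
@    IN NS  ns1.example.test.
www  IN A   192.0.2.10
www  IN A   192.0.2.11
"""
# Attribute names assumed from the bind-dyndb-ldap schema; verify against yours.
RR_ATTR = {"A": "aRecord", "AAAA": "aAAARecord", "NS": "nSRecord", "MX": "mXRecord", "CNAME": "cNAMERecord"}
SOA_ATTRS = ["idnsSOA" + f for f in ("mName", "rName", "serial", "refresh", "retry", "expire", "minimum")]

def ldif_line(attr, value):
    """Format one LDIF line, base64-encoding values that are unsafe verbatim (RFC 2849)."""
    if value.isascii() and value.isprintable() and value[:1] not in ("", " ", ":", "<"):
        return "%s: %s" % (attr, value)
    return "%s:: %s" % (attr, base64.b64encode(value.encode("utf-8")).decode("ascii"))

def zone_to_ldif(zone, text, dns_base):
    """Convert simple zone text to LDIF: the zone entry first, then one entry per owner."""
    entries = OrderedDict({"@": []})             # owner -> [(attribute, value)]
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        owner, rrclass, rrtype, rdata = line.split(None, 3)
        # Refuse owner names that would need DN escaping instead of guessing.
        if rrclass != "IN" or any(c in owner for c in ',+"\\<>='):
            raise ValueError("unsupported record: %r" % raw)
        attrs = entries.setdefault(owner, [])
        if rrtype == "SOA" and owner == "@" and len(rdata.split()) == 7:
            attrs.extend(zip(SOA_ATTRS, rdata.split()))
        elif rrtype in RR_ATTR:
            attrs.append((RR_ATTR[rrtype], rdata))
        else:
            raise ValueError("unsupported or malformed record: %r" % raw)
    if "idnsSOAserial" not in dict(entries["@"]):
        raise ValueError("zone has no SOA record")
    out = []
    for owner, attrs in entries.items():         # "@" was inserted first: parent before children
        apex = owner == "@"
        rdn = "" if apex else "idnsName=%s," % owner
        block = [ldif_line("dn", "%sidnsName=%s,%s" % (rdn, zone, dns_base)),
                 "objectClass: top", "objectClass: idnsRecord"]
        if apex:
            block += ["objectClass: idnsZone", "idnsZoneActive: TRUE"]
        block += [ldif_line("idnsName", zone if apex else owner)] + [ldif_line(a, v) for a, v in attrs]
        out.append("\n".join(block))
    return "\n\n".join(out) + "\n"
```

The zone entry is emitted before its children so the LDIF can be loaded in order, and unsupported record types fail loudly rather than being silently dropped from the imported zone.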