On 21.10.2013 17:58, Stephen Ingram wrote:
On Sun, Oct 20, 2013 at 11:44 PM, Petr Spacek <pspa...@redhat.com> wrote:

On 18.10.2013 21:44, Stephen Ingram wrote:

I'm using IPA 3.0.x on RHEL 6.4 and trying to setup other zones in DNS. I
notice that regardless of the TTL set in the SOA for the zone, the
individual records default to 86400. I see there has been previous
discussion on the list (
https://www.redhat.com/**archives/freeipa-users/2012-**
November/msg00158.html<https://www.redhat.com/archives/freeipa-users/2012-November/msg00158.html>
)
saying that the 86400 value is hard-coded into bind-dyndb-ldap. It appears
as though it might be rectified sometime in the 3.3.x series, however, I'm
wondering if there is a workaround for now. Is there a way to just delete
this value such that the individual records will default to the value in
the SOA until a real fix comes along?


For now, the only workaround is to set TTL explicitly for all affected DNS
names. Sorry!

$ ipa dnsrecord-mod --help | grep ttl
   --ttl=INT             Time to live

The most important thing is that SOA TTL is not related to default record
TTL by definition.

Some details are described here:
https://www.redhat.com/**archives/freeipa-users/2012-**
November/msg00160.html<https://www.redhat.com/archives/freeipa-users/2012-November/msg00160.html>


Am I reading this correctly then that you have to set for each *record* vs
I really meant *name*. "ipa dnsrecord-mod" operates on whole DNS name. (It also means that all records under single *name* share the same TTL value.)

the *zone*. If so, this makes the DNS part of IPA almost unusable except to
those willing to stick with the default 86400 or write a script to handle
each record in the zone. I've been following the list for some time, but
haven't heard much about usage of the DNS component. And, among the users I
speak with no one uses the DNS component. Perhaps this is the reason why? I
Up to now, nobody have told us that 'DNS part of IPA almost unusable' without configuration option for default TTL, so it simply didn't get the priority. We have seen stroger demand for DNS views, for example :-)

haven't looked at the code yet, but would this be that difficult to fix?  I
If you are okay with statically configured TTL for all zones, then it is five-minute fix. (Simply change the current value and recompile or add a new parameter to /etc/named.conf.)

If you want to define default TTL per-zone in LDAP, then you have to define new attribute in LDAP schema, store the default TTL value in zone_register and push it to record parser as necessary.

In https://fedorahosted.org/bind-dyndb-ldap/ticket/70#comment:7 you can see that we are trying to cooperate with schema/OID space owner to find & standardize some solution.

Any contribution is more than welcome! Join us in the ticket and we can discuss various propsals.

Have a nice day.

--
Petr^2 Spacek

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to