On 21.10.2013 17:58, Stephen Ingram wrote:
I really meant *name*. "ipa dnsrecord-mod" operates on the whole DNS name. (It
also means that all records under a single *name* share the same TTL value.)
On Sun, Oct 20, 2013 at 11:44 PM, Petr Spacek <pspa...@redhat.com> wrote:
On 18.10.2013 21:44, Stephen Ingram wrote:
I'm using IPA 3.0.x on RHEL 6.4 and trying to set up other zones in DNS. I
notice that regardless of the TTL set in the SOA for the zone, the
individual records default to 86400. I see there has been previous
discussion on the list (
saying that the 86400 value is hard-coded into bind-dyndb-ldap. It appears
as though it might be rectified sometime in the 3.3.x series, however, I'm
wondering if there is a workaround for now. Is there a way to just delete
this value such that the individual records will default to the value in
the SOA until a real fix comes along?
For now, the only workaround is to set TTL explicitly for all affected DNS
$ ipa dnsrecord-mod --help | grep ttl
--ttl=INT Time to live
The most important thing is that SOA TTL is not related to default record
TTL by definition.
Some details are described here:
Am I reading this correctly then that you have to set for each *record* vs
Up to now, nobody has told us that 'DNS part of IPA almost unusable' without
configuration option for default TTL, so it simply didn't get the priority. We
have seen stronger demand for DNS views, for example :-)
the *zone*. If so, this makes the DNS part of IPA almost unusable except to
those willing to stick with the default 86400 or write a script to handle
each record in the zone. I've been following the list for some time, but
haven't heard much about usage of the DNS component. And, among the users I
speak with, no one uses the DNS component. Perhaps this is the reason why? I
If you are okay with a statically configured TTL for all zones, then it is
a five-minute fix. (Simply change the current value and recompile or add a new
parameter to /etc/named.conf.)
haven't looked at the code yet, but would this be that difficult to fix? I
If you want to define a default TTL per-zone in LDAP, then you have to define
a new attribute in the LDAP schema, store the default TTL value in zone_register and
push it to the record parser as necessary.
In https://fedorahosted.org/bind-dyndb-ldap/ticket/70#comment:7 you can see
that we are trying to cooperate with schema/OID space owner to find &
standardize some solution.
Any contribution is more than welcome! Join us in the ticket and we can
discuss various proposals.
Have a nice day.