[Freeipa-devel] [Freeipa-interest] Announcing bind-dyndb-ldap version 5.0

Thu, 26 Jun 2014 03:03:13 -0700 

The FreeIPA team is proud to announce bind-dyndb-ldap version 5.0.

It can be downloaded from https://fedorahosted.org/released/bind-dyndb-ldap/
The new version has also been built for Fedora 20 and and is on its way to updates-testing: 
https://admin.fedoraproject.org/updates/bind-dyndb-ldap-5.0-1.fc20
Release to Fedora 'updates' repo will be coordinated with FreeIPA 4.0 release to prevent breakages. 

== Changes in 5.0 ==
[1] Support for DNSSEC in-line signing was added. Now any LDAP zone can be
    signed with keys provided by user.

[2] DNSKEY, RRSIG, NSEC and NSEC3 records are automatically managed
    by BIND+bind-dyndb-ldap. Respective attributes in LDAP are ignored.

[3] Forwarder semantic was changed to match BIND's semantics:
    - idnsZone object always represents master zone
    - idnsForwardZone object (new) always represents forward zone

[4] Master root zone can be stored in LDAP.


== Upgrading ==
A server can be upgraded by installing updated RPM. BIND has to be restarted manually after the RPM installation. 

!!! CAUTION !!!
idnsZone object class changed it's semantics. Please read
https://git.fedorahosted.org/cgit/bind-dyndb-ldap.git/plain/README
and update idnsForwarders and idnsForward policy attributes in your DNS zones accordingly.
Transition from idnsZone to idnsForwardZone object class can be made seamless if you change data in LDAP before you upgrade to version 5.x. All bind-dyndb-ldap versions >= 3.0 support the idnsForwardZone object class.
Users of FreeIPA < 4.0 should be careful when upgrading bind-dyndb-ldap to version >= 5.0 (if they do not upgrade to FreeIPA 4.x at the same time).
Configuration semantics related to conditional (per-zone) forwarding has changed and FreeIPA < 4.0 doesn't have appropriate user interface and API.
It is safe to upgrade if you use *only* global forwarders (shown by 'ipa dnsconfig-show') and *do not* use per-zone forwarders (shown by 'ipa dnszone-show'). 

Don't hesitate to ask freeipa-users mailing list if you need help with upgrade.
!!! CAUTION !!!

Downgrading back to any 4.x version is supported.


== Feedback ==
Please provide comments, report bugs and send any other feedback via the freeipa-users mailing list: 
http://www.redhat.com/mailman/listinfo/freeipa-users

--
Petr Spacek  @  Red Hat

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to