Re: [Freeipa-users] DNS and $GENERATE Directive

2014-11-11 Thread Petr Spacek
On 10.11.2014 09:25, Martin Kosek wrote:
> On 11/08/2014 12:16 AM, Andrew Powell wrote:
>> Is there a way to add a Bind $GENERATE directive line to FreeIPA to
>> automatically name DHCP-assigned ranges?
>>
>> In a file-based Bind installation, I can have the following line in the
>> forward example.com zone file:
>>
>> $generate 80-250/1 wd${0,3,d}.example.com. A 192.168.0.$
>>
>> (which adds records wd080.example.com thru wd250.example.com)
>>
>> And for the reverse zone (0.168.192.in-addr.arpa) I can have the following
>> line:
>>
>> $generate 80-250/1 $ PTR wd${0,3,d}.example.com.
>>
>> I can do without naming the DHCP-assigned ranges, but it seems like the
>> proper thing to do.
>
> Interesting question. I do not think bind-dyndb-ldap supports the $GENERATE
> directive. I am not even sure how to extend LDAP DNS tree to support it as it
> has a very specific syntax. You would need to add a new LDAP space accepting
> strings that would be then passed to BIND... I will let Petr to assess if this
> is possible or not.

We would have to re-implement the $GENERATE logic ourselves (and find a way
how to store it in LDAP).

It would complicate dynamic updates a lot so I would rather avoid implementing
this in bind-dyndb-ldap.

> For now, the best approach would be to either add all these records to LDAP or
> to have it in a BIND zone file and synchronize between all FreeIPA DNS
> servers.

I would recommend to simply use ipa dnsrecord-add command in a for cycle to
add all the records.

ipa dnsrecord-generate command could generate set of LDAP objects too and it
would not require any changes in bind-dyndb-ldap... But I'm not sure if there
is a real benefit. IMHO it would be better to implement
https://fedorahosted.org/freeipa/ticket/4706
Seed managed DNS domain from existing domain

-- 
Petr^2 Spacek

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
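
Added example, not part of the original thread or of FreeIPA itself: the "ipa dnsrecord-add in a for cycle" approach suggested in the message above, written so that the commands are printed for review before anything is changed. The zone names and prefixes come from the thread's example; the function name and the script name in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Expands the two directives quoted above:
#   $generate 80-250/1 wd${0,3,d}.example.com. A 192.168.0.$
#   $generate 80-250/1 $ PTR wd${0,3,d}.example.com.
# into one `ipa dnsrecord-add` call per record.
# Zone names and prefixes are the thread's example values.
FWD_ZONE="example.com"
REV_ZONE="0.168.192.in-addr.arpa"
NET_PREFIX="192.168.0"
HOST_PREFIX="wd"

# gen_ipa_cmds START STOP [STEP]   (hypothetical helper name)
# Prints the commands only; nothing is executed, so the list can be
# reviewed or diffed before it is applied.
gen_ipa_cmds() {
    start=$1; stop=$2; step=${3:-1}
    for v in "$start" "$stop" "$step"; do
        case $v in
            # Reject empty, non-numeric and zero-prefixed values (the shell
            # would read a leading zero as octal in the arithmetic below).
            ''|*[!0-9]*|0[0-9]*)
                echo "not a plain decimal number: '$v'" >&2; return 1 ;;
        esac
    done
    # The iterator becomes the last octet, so it has to fit in 0-255.
    if [ "$start" -gt "$stop" ] || [ "$stop" -gt 255 ] || [ "$step" -lt 1 ]; then
        echo "invalid range: $start-$stop/$step" >&2; return 1
    fi
    i=$start
    while [ "$i" -le "$stop" ]; do
        # ${0,3,d} in $GENERATE: offset 0, width 3, decimal, zero padded.
        host=$(printf '%s%03d' "$HOST_PREFIX" "$i")
        echo "ipa dnsrecord-add $FWD_ZONE $host --a-rec=$NET_PREFIX.$i"
        echo "ipa dnsrecord-add $REV_ZONE $i --ptr-rec=$host.$FWD_ZONE."
        i=$((i + step))
    done
}

# Review: sh gen-records.sh 80 250 1
# Apply:  sh gen-records.sh 80 250 1 | sh   (needs a valid Kerberos ticket)
if [ "$#" -gt 0 ]; then gen_ipa_cmds "$@"; fi
```

Unlike a $GENERATE line, the result is 342 individual LDAP-backed records, so changing the range later means adding or deleting records rather than editing one directive.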


Re: [Freeipa-users] DNS and $GENERATE Directive

2014-11-10 Thread Martin Kosek
On 11/08/2014 12:16 AM, Andrew Powell wrote:
> Is there a way to add a Bind $GENERATE directive line to FreeIPA to
> automatically name DHCP-assigned ranges?
>
> In a file-based Bind installation, I can have the following line in the
> forward example.com zone file:
>
> $generate 80-250/1 wd${0,3,d}.example.com. A 192.168.0.$
>
> (which adds records wd080.example.com thru wd250.example.com)
>
> And for the reverse zone (0.168.192.in-addr.arpa) I can have the following
> line:
>
> $generate 80-250/1 $ PTR wd${0,3,d}.example.com.
>
> I can do without naming the DHCP-assigned ranges, but it seems like the proper
> thing to do.

Interesting question. I do not think bind-dyndb-ldap supports the $GENERATE
directive. I am not even sure how to extend LDAP DNS tree to support it as it
has a very specific syntax. You would need to add a new LDAP space accepting
strings that would be then passed to BIND... I will let Petr to assess if this
is possible or not.

For now, the best approach would be to either add all these records to LDAP or
to have it in a BIND zone file and synchronize between all FreeIPA DNS servers.

Martin



Re: [Freeipa-users] DNS and $GENERATE Directive

2014-11-10 Thread Dmitri Pal

On 11/10/2014 03:25 AM, Martin Kosek wrote:
> On 11/08/2014 12:16 AM, Andrew Powell wrote:
>> Is there a way to add a Bind $GENERATE directive line to FreeIPA to
>> automatically name DHCP-assigned ranges?
>>
>> In a file-based Bind installation, I can have the following line in the forward
>> example.com zone file:
>>
>> $generate 80-250/1 wd${0,3,d}.example.com. A 192.168.0.$
>>
>> (which adds records wd080.example.com thru wd250.example.com)
>>
>> And for the reverse zone (0.168.192.in-addr.arpa) I can have the following line:
>>
>> $generate 80-250/1 $ PTR wd${0,3,d}.example.com.
>>
>> I can do without naming the DHCP-assigned ranges, but it seems like the proper
>> thing to do.
>
> Interesting question. I do not think bind-dyndb-ldap supports the $GENERATE
> directive. I am not even sure how to extend LDAP DNS tree to support it as it
> has a very specific syntax. You would need to add a new LDAP space accepting
> strings that would be then passed to BIND... I will let Petr to assess if this
> is possible or not.
>
> For now, the best approach would be to either add all these records to LDAP or
> to have it in a BIND zone file and synchronize between all FreeIPA DNS servers.
>
> Martin

Would an ipa command solve the problem?
Something like:

ipa dns-generate 80-250/1 $ PTR wd${0,3,d}.example.com.

If yes please file an RFE.

--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.



Re: [Freeipa-users] DNS and $GENERATE Directive

2014-11-10 Thread Martin Kosek
On 11/10/2014 02:48 PM, Dmitri Pal wrote:
> On 11/10/2014 03:25 AM, Martin Kosek wrote:
>> On 11/08/2014 12:16 AM, Andrew Powell wrote:
>>> Is there a way to add a Bind $GENERATE directive line to FreeIPA to
>>> automatically name DHCP-assigned ranges?
>>>
>>> In a file-based Bind installation, I can have the following line in the
>>> forward example.com zone file:
>>>
>>> $generate 80-250/1 wd${0,3,d}.example.com. A 192.168.0.$
>>>
>>> (which adds records wd080.example.com thru wd250.example.com)
>>>
>>> And for the reverse zone (0.168.192.in-addr.arpa) I can have the following
>>> line:
>>>
>>> $generate 80-250/1 $ PTR wd${0,3,d}.example.com.
>>>
>>> I can do without naming the DHCP-assigned ranges, but it seems like the
>>> proper thing to do.
>>
>> Interesting question. I do not think bind-dyndb-ldap supports the $GENERATE
>> directive. I am not even sure how to extend LDAP DNS tree to support it as it
>> has a very specific syntax. You would need to add a new LDAP space accepting
>> strings that would be then passed to BIND... I will let Petr to assess if
>> this is possible or not.
>>
>> For now, the best approach would be to either add all these records to LDAP
>> or to have it in a BIND zone file and synchronize between all FreeIPA DNS
>> servers.
>>
>> Martin
>
> Would an ipa command solve the problem?
> Something like:
>
> ipa dns-generate 80-250/1 $ PTR wd${0,3,d}.example.com.
>
> If yes please file an RFE.

Potentially yes, I just wanted to first have some assessment from Petr to see
if it even makes sense from bind-dyndb-ldap POV. Maybe bind-dyndb-ldap cannot
hook into the BIND zone file macro generation so the RFE would not even make 
sense.

Martin
