[Freeipa-devel] Support for Bind forward zones

Simo Sorce simo at redhat.com
Fri Dec 9 13:49:46 UTC 2011


On Fri, 2011-12-09 at 12:33 +0200, Alexander Bokovoy wrote:
> On Fri, 09 Dec 2011, Martin Kosek wrote:
> > This is my idea of what could be done:
> > 1) Introduce a new objectClass "idnsConfigObject" which would hold all
> > bind-dyndb-ldap global settings attributes. I would add the following
> > attributes:
> > * idnsAllowSyncPTR: global settings with semantics of sync_ptr in
> > named.conf.
> > * dnsForwardPolicy
> > * idnsForwarders
> > * idnsZoneRefresh (zone_refresh argument in named.conf)
> > * idnsPersistentSearch (psearch argument in named.conf)
> > 
> > 2) Create a config object in FreeIPA (in replicated space):
> > cn=dns,cn=etc,$SUFFIX
> > 
> > 3) Add support for this global settings object to bind-dyndb-ldap and
> > create a config option in named.conf pointing to the global config base
> > DN:
> > dynamic-db "ipa" {
> > ...
> >     arg "config_base cn=dns,cn=etc,dc=example,dc=com";
> > ...
> > };
> > 
> > 4) Add API for global DNS config to FreeIPA server. Example commands:
> > $ ipa dnsconfig-show
> > $ ipa dnsconfig-mod --forwarders=10.0.0.1,10.0.0.2 --forward-policy=only
> I agree with the latter approach. Looks cleaner and also makes it possible
> to properly handle replicated DNS setup.

Me too, except for the location of the configuration, I think it should
stay in the root node of the DNS data for simplicity. But this is a very
minor point.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
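As an added illustration of the proposal discussed above (this is example code written here, not code from the thread, FreeIPA or bind-dyndb-ldap), the following script validates a candidate global DNS config entry before it would be written to the replicated `cn=dns,cn=etc,$SUFFIX` object and renders it as LDIF. The attribute names are the ones Martin proposed; `idnsForwardPolicy` is used in place of the thread's `dnsForwardPolicy` for consistency with the other `idns*` names, which is an assumption, as are the accepted values (`first`/`only` from BIND's `forward` statement, LDAP `TRUE`/`FALSE` booleans, a non-negative integer for the refresh interval). Checking forwarders are well-formed IP addresses and that a forward policy never appears without forwarders catches the kind of typo that would otherwise leave the resolver silently misconfigured on every replica.

```python
import ipaddress

# Assumed value sets (not defined in the thread): BIND's "forward first|only",
# LDAP boolean syntax, and a non-negative integer refresh interval.
FORWARD_POLICIES = {"first", "only"}
LDAP_BOOLEANS = {"TRUE", "FALSE"}
CONFIG_ATTRS = ("idnsForwardPolicy", "idnsForwarders", "idnsAllowSyncPTR",
                "idnsZoneRefresh", "idnsPersistentSearch")


def validate_dns_config(entry):
    """Return a list of problems found in a proposed global DNS config entry.

    `entry` maps attribute names to lists of string values, the way an LDAP
    client presents them. An empty list means the entry is acceptable.
    """
    problems = []

    # Every forwarder must parse as an IPv4 or IPv6 address.
    for ip in entry.get("idnsForwarders", []):
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            problems.append(f"idnsForwarders: {ip!r} is not an IP address")

    # Forward policy is single-valued and only meaningful with forwarders.
    policies = entry.get("idnsForwardPolicy", [])
    if len(policies) > 1:
        problems.append("idnsForwardPolicy: must be single-valued")
    for policy in policies:
        if policy not in FORWARD_POLICIES:
            problems.append(f"idnsForwardPolicy: {policy!r} not in "
                            f"{sorted(FORWARD_POLICIES)}")
    if policies and not entry.get("idnsForwarders"):
        problems.append("idnsForwardPolicy set but no idnsForwarders given")

    # Boolean-valued knobs mirror sync_ptr and psearch in named.conf.
    for attr in ("idnsAllowSyncPTR", "idnsPersistentSearch"):
        for value in entry.get(attr, []):
            if value not in LDAP_BOOLEANS:
                problems.append(f"{attr}: {value!r} is not an LDAP boolean")

    # zone_refresh is an interval, so it must be a non-negative integer.
    for value in entry.get("idnsZoneRefresh", []):
        if not value.isdigit():
            problems.append(f"idnsZoneRefresh: {value!r} is not a "
                            "non-negative integer")

    return problems


def to_ldif(suffix, entry):
    """Render the config entry as LDIF under cn=dns,cn=etc,<suffix>.

    Raises ValueError if validate_dns_config() reports any problem, so an
    invalid entry can never be serialised for replication.
    """
    problems = validate_dns_config(entry)
    if problems:
        raise ValueError("; ".join(problems))
    lines = [f"dn: cn=dns,cn=etc,{suffix}",
             "objectClass: top",
             "objectClass: nsContainer",
             "objectClass: idnsConfigObject",
             "cn: dns"]
    for attr in CONFIG_ATTRS:
        for value in entry.get(attr, []):
            lines.append(f"{attr}: {value}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample matching the dnsconfig-mod example in the thread.
    sample = {"idnsForwarders": ["10.0.0.1", "10.0.0.2"],
              "idnsForwardPolicy": ["only"],
              "idnsAllowSyncPTR": ["TRUE"],
              "idnsZoneRefresh": ["30"],
              "idnsPersistentSearch": ["FALSE"]}
    print(to_ldif("dc=example,dc=com", sample))
```

The `nsContainer` object class on the rendered entry is also an assumption, chosen so that `cn` is allowed on the container; a deployment would use whatever structural class the final schema defines.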