[Freeipa-devel] Design: Automatic Empty Zone handling in bind-dyndb-ldap

Petr Spacek pspacek at redhat.com
Fri Feb 19 08:11:27 UTC 2016 

On 12.1.2016 15:10, Martin Basti wrote:
> 
> 
> On 12.01.2016 15:06, Petr Spacek wrote:
>> On 8.1.2016 18:14, Martin Basti wrote:
>>>
>>> On 08.01.2016 16:57, Petr Spacek wrote:
>>>> Hello,
>>>>
>>>> recent improvements in FreeIPA 4.3.0 (finally) prevent FreeIPA installer from
>>>> creating made-up DNS reverse zones, which already exist on some other DNS
>>>> server.
>>>>
>>>> This change uncovered a well-hidden automatic empty zones in BIND 9.9+, which
>>>> is now causing problem to users.
>>>>
>>>> It seems that this can be fixed by change to the code which handles forward
>>>> DNS zones. Short design document with necessary background is available on:
>>>> https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/AutomaticEmptyZones
>>>>
>>>>
>>>> Please be so kind and review it ASAP, so I can write the patch quickly and
>>>> make life of our QE guys easier.
>>>>
>>>> Have a nice Friday.
>>>>
>>> Hello,
>>>
>>> IIUC, the differences between default bind behaviour and bind-dyndb-ldap
>>> behaviour are:
>>>
>>> * disable automatic empty zone when policy is 'first' or 'only', instead of
>>> just 'only'
>>> I liked it more than default behaviour of named, but could be this somehow
>>> unexpected by users, or they will be happy that it works better (?) than in
>>> named?
>> I hope users will appreciate it :-)
>>
>>> * bind-dyndb-ldap will not recreate automate empty zone
>>> IMO this should not harm at all
>>>
>>> so design LGTM, I will thinking about it over this weekend
>> Did you find any problem?
>>
>>
>> Petr^2 Spacek
> 
> My mind did not pop out any issue during weekend.
> It should work :)

I was discussing this further with BIND upstream and Mark Andrews do not like
it. IMHO we should respect his opinion and do that same what BIND 9.11 is
going to do.

For this reason I've updated design page
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/AutomaticEmptyZones
with the new approach.

Please review it again. It contains new sections Configuration and Upgrade.

Thank you!

-- 
Petr^2 Spacek

More information about the Freeipa-devel mailing list