[Freeipa-devel] Design: Automatic Empty Zone handling in bind-dyndb-ldap

Martin Basti mbasti at redhat.com
Fri Jan 8 17:14:14 UTC 2016



On 08.01.2016 16:57, Petr Spacek wrote:
> Hello,
>
> recent improvements in FreeIPA 4.3.0 (finally) prevent the FreeIPA installer from
> creating made-up DNS reverse zones, which already exist on some other DNS server.
>
> This change uncovered well-hidden automatic empty zones in BIND 9.9+, which
> are now causing problems for users.
>
> It seems that this can be fixed by a change to the code which handles forward
> DNS zones. A short design document with the necessary background is available at:
> https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/AutomaticEmptyZones
>
> Please be so kind and review it ASAP, so I can write the patch quickly and
> make life of our QE guys easier.
>
> Have a nice Friday.
>
Hello,

IIUC, the differences between the default BIND behaviour and the
bind-dyndb-ldap behaviour are:

* disable the automatic empty zone when the policy is 'first' or 'only',
instead of just 'only'
I liked it more than the default behaviour of named, but could this be
somehow unexpected by users, or will they be happy that it works better
(?) than in named?

* bind-dyndb-ldap will not recreate the automatic empty zone
IMO this should not harm at all

So the design LGTM; I will think about it over this weekend.
