[Freeipa-devel] host-del & client uninstall: additional discussion related to DNS needed

[Martin Basti]

Hello all,

related tickets:
https://fedorahosted.org/freeipa/ticket/5676
https://fedorahosted.org/freeipa/ticket/5675
https://fedorahosted.org/freeipa/ticket/5715

I'm trying to implement both tickets, but I don't like the way we 
decided on devel meeting anymore.

https://fedorahosted.org/freeipa/ticket/5676#comment:1

1)
ipa host-del --updatedns

I propose to only delete A, AAAA and related PTR records (SSHFP records 
explained later). The record are somehow managed by IPA

I don't like the idea of having an extra option to specify record types 
that should be removed or a flag that will remove DNS entry completely. 
IMO that is duplication of dnsrecord-mod/del functionality, host-del 
should not be used for managing DNS. If somebody wants better 
granularity, the one should use 'dnsrecord-mod zone rec --type-rec=' or 
'dnsrecord-del --del-all'

Note: due backward compatibility --updatedns cannot be migrated to ENUM, 
new option needed

2)
SSHFP records and host-del (https://fedorahosted.org/freeipa/ticket/5715)

host-del removes SSH keys from LDAP, thus there is no reason to keep 
SSHFP record in DNS, thus SSHFP records should be removed always (even 
without --updatedns option)

3)
ipa-client-install --uninstall

SSHFP record are always added via nsupdate to DNS, IMO during client 
uninstall all SSHFP record related to client should be removed via 
nsupdate too.

4)
https://fedorahosted.org/freeipa/ticket/5676

ipa-client-install --uninstall --delete-host    #suggestions how to name 
option for removing host entry for ldap welcome

Should this option call 'host-del' or 'host-del --updatedns'?

I would like to avoid additional DNS related option to be added to 
ipa-client-install

Also do we really want to implement this ticket? What is the gain there?

Martin^2