[Freeipa-devel] Structured DNS record API proposal

Martin Kosek mkosek at redhat.com
Fri Sep 16 07:51:41 UTC 2011


On Thu, 2011-09-15 at 10:26 +0200, Adam Tkac wrote:
> On 09/14/2011 06:18 PM, Martin Kosek wrote:
> > Attached in the txt file. If you have any comments or suggestions to
> > this proposal, please let me know.
> >
> > https://fedorahosted.org/freeipa/ticket/1766
> 
> Your proposal seems fine to me. However, I would recommend not to expose 
> routines for managing DNSSEC related records because DNSSEC is currently 
> not supported in bind-dyndb-ldap. This doesn't mean you should 
> remove code which handles those records, just don't expose them to 
> users, please. Routines can be reused in future, when we decide how to 
> handle DNSSEC in FreeIPA.
> 
> I checked the "dnsrecord-<rrtype>-add" list below and DNSSEC related 
> records are DS, KEY, NSEC, RRSIG, SIG.
> 
> Regards, Adam

Since we don't know how DNSSEC records will be handled, I would rather
not implement the methods now and then reimplement them.

When I was implementing DNS validators in patch 120 I noticed we provide
an API to add many RR types that are not supported via bind-dyndb-ldap at
all. Any attempt to add them ends with a missing LDAP schema attribute
error.

Since the new API is targeted for a new FreeIPA major release, I wouldn't
be afraid to remove all these RR types from our API (they don't work
anyway).

This applies to these RR types: APL, DHCID, DLV, DNSKEY, HIP, IPSECKEY,
NSEC3, NSEC3PARAM, RP, TA, TKEY, TSIG.

IMO, we should then add RR types there _only_ when they are supported by
bind-dyndb-ldap.

Martin



