[Freeipa-devel] Structured DNS record API proposal

Adam Tkac atkac at redhat.com
Fri Sep 16 08:13:13 UTC 2011


On 09/16/2011 09:51 AM, Martin Kosek wrote:
> On Thu, 2011-09-15 at 10:26 +0200, Adam Tkac wrote:
>
>> Your proposal seems fine to me. However, I would recommend not exposing
>> routines for managing DNSSEC related records because DNSSEC is currently
>> not supported in bind-dyndb-ldap. This doesn't mean you should
>> remove code which handles those records, just don't expose them to
>> users, please. Routines can be reused in the future, when we decide how to
>> handle DNSSEC in FreeIPA.
>>
>> I checked the "dnsrecord-<rrtype>-add" list below and DNSSEC related
>> records are DS, KEY, NSEC, RRSIG, SIG.
>>
>> Regards, Adam
> Since we don't know how DNSSEC records will be handled, I would rather
> not implement the methods now and then reimplement them.
>
> When I was implementing DNS validators in patch 120 I noticed we provide
> an API to add many RR types that are not supported via bind-dyndb-ldap at
> all. Any attempt to add them ends with a missing LDAP schema attribute
> error.
>
> Since the new API is targeted for a new FreeIPA major release I wouldn't
> be afraid to remove all these RR types from our API (they don't work
> anyway).
>
> This applies to these RR types: APL, DHCID, DLV, DNSKEY, HIP, IPSECKEY,
> NSEC3, NSEC3PARAM, RP, TA, TKEY, TSIG.
>
> IMO, we should then add these RR types _only_ when they are supported by
> bind-dyndb-ldap.
Ack, this is the best for now.

Regards, Adam



