[Freeipa-devel] Structured DNS record API proposal

Simo Sorce simo at redhat.com
Fri Sep 16 12:12:19 UTC 2011


On Fri, 2011-09-16 at 14:04 +0200, Martin Kosek wrote:
> On Fri, 2011-09-16 at 07:58 -0400, Simo Sorce wrote:
> > On Fri, 2011-09-16 at 09:42 +0200, Martin Kosek wrote:
> > > On Thu, 2011-09-15 at 15:28 -0400, Adam Young wrote:
> > > > On 09/14/2011 12:18 PM, Martin Kosek wrote: 
> > > > > Attached in the txt file. If you have any comments or suggestions to
> > > > > this proposal, please let me know.
> > > > > 
> > > > > https://fedorahosted.org/freeipa/ticket/1766
> > > > > 
> > > > 
> > > > 
> > > > ACK.  Proposal looks like it will work fairly easily with the UI.
> > > > We'll have to make some changes due to the Add doing something
> > > > different based on the type, but that is the case anyway.
> > > 
> > > Yes, I was thinking how can we integrate this new API to WebUI. AFAIK
> > > you use dnsrecord-add $ZONE $REC --a-rec=... --mx-rec=... for adding a
> > > new DNS record and dnsrecord-mod $ZONE $REC --mx-rec=... when for
> > > example the mx record is being modified. All MX values (even the
> > > unmodified ones) are passed to dnsrecord-mod.
> > > 
> > > 1) I was wondering how the new dnsrecord-<rrtype>-add commands can be
> > > used. I suppose WebUI will know a list of DNS record types with these
> > > new structured commands and offer the user new window to add a record
> > > for these types instead of typing them directly to the text box as it is
> > > now.
> > > 
> > > 2) But my main concern here is how the modification of current DNS
> > > records should work. Say, we have 2 MX records for example.com. How can
> > > we modify one of it in a new structured interface?
> > > 
> > > We would have to implement dnsrecord-mx-show method so that you can fill
> > > all the text areas (preference, mailserver). Question is how to refer
> > > the value we want to show since DNS records are multivalued. We could
> > > pass --dnsrecord="..." with DNS record value, e.g. "0 mx.example.com."
> > > and then use the same value for dnsrecord-mx-mod. The whole command
> > > sequence would look this way:
> > > 
> > > dnsrecord-find example.com      -- get all DNS records for example.com
> > > dnsrecord-show example.com @    -- show DNS records directly in the zone
> > > NS: "ns.example.com"
> > > MX: "0 mx1.example.com."
> > > MX: "1 mx2.example.com." << user wants to modify this one -> new window
> > > 
> > > dnsrecord-mx-show example.com --dnsrecord="1 mx1.example.com."
> > > PREFERENCE: 1	         << user modifies this to 0
> > > MAILSERVER: mx2.example.com.
> > > 
> > > dnsrecord-mx-mod example.com --dnsrecord="1 mx1.example.com." --preference=0
> > > 
> > > 
> > > What do you think about this API for record modification?
> > 
> > Although racy, isn't it simpler to just always replace the whole set ?
> > 
> > Simo.
> > 
> 
> How would that work? We are designing -add -show -mod commands for
> multivalued LDAP attribute values, we should have some reference what
> value we are modifying. Or did you mean the following command sequence
> for mod operation?
> 
> dnsrecord-del example.com @ --mx-rec="0 mx1.example.com.", "1 mx2.example.com."
> dnsrecord-mx-add example.com @ --priority=0 --mailserver=mx1.example.com.
> dnsrecord-mx-add example.com @ --priority=1 --mailserver=mx2.example.com.

Oh I see, I thought we could add multiple values at the same time, but
with this syntax it is not possible.

Perhaps something like this:

dnsrecord-mod example.com @ --replace --mx-rec="0 mx1.example.com., 1 mx2.example.com."

This would replace any existing record with the list of 'raw' records provided.

Whatever you do, do not split this operation into a DEL+ADD, we want an
atomic modify operation in any case, as you do not want to have a race
where named may query the MX records and find them empty. That'd be much
worse than returning one of them outdated.

This means whatever the API, we need to support a way to add all values
at the same time. We can also have the more verbose API to make things
more understandable, but we need this "bulk" API for the WebUI IMHO.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
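
Added example, not part of the original message or of FreeIPA's code: a toy model of the DEL+ADD race described above, compared with a single modify request, which LDAP applies as one atomic operation (RFC 4511, section 4.6). The Directory class, the "idnsname=@" key, the use of mXRecord as the attribute name and the sample records are assumptions made for illustration.

```python
# Added illustration; Directory, modify() and the zone data are constructed.
import copy

class Directory:
    """Toy LDAP-like store: each modify() request is all-or-nothing, and a
    reader (e.g. named) can only observe the state between requests."""

    def __init__(self, entries):
        self.entries = copy.deepcopy(entries)
        self.observed = []   # MX set a reader sees after each committed request

    def modify(self, dn, mods):
        work = {attr: list(vals) for attr, vals in self.entries[dn].items()}
        for op, attr, values in mods:
            current = work.setdefault(attr, [])
            if op == "add":
                if any(v in current for v in values):
                    raise ValueError("value already exists")
                current.extend(values)
            elif op == "delete":
                for v in values:
                    current.remove(v)      # ValueError if the value is missing
            elif op == "replace":
                work[attr] = list(values)
            else:
                raise ValueError(op)
        self.entries[dn] = work            # commit only if every mod succeeded
        self.observed.append(tuple(work.get("mXRecord", [])))

DN = "idnsname=@"                          # hypothetical key for the zone apex
ZONE = {DN: {"mXRecord": ["0 mx1.example.com.", "1 mx2.example.com."]}}
NEW = ["0 mx1.example.com.", "0 mx2.example.com."]

def split_del_add():
    """Two requests: a reader can land between them and see no MX at all."""
    d = Directory(ZONE)
    d.modify(DN, [("delete", "mXRecord", ZONE[DN]["mXRecord"])])
    d.modify(DN, [("add", "mXRecord", NEW)])
    return d.observed

def single_replace():
    """One request replacing the whole set (the 'bulk' form)."""
    d = Directory(ZONE)
    d.modify(DN, [("replace", "mXRecord", NEW)])
    return d.observed

def single_request_value_edit():
    """One request that swaps a single value: delete old + add new together."""
    d = Directory(ZONE)
    d.modify(DN, [("delete", "mXRecord", ["1 mx2.example.com."]),
                  ("add", "mXRecord", ["0 mx2.example.com."])])
    return d.observed
```

Only split_del_add() ever exposes an empty MX set to the reader; both single-request forms go straight from the old set to the new one.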