[Freeipa-devel] [PATCH] 227-228 Add last missing bits in new bind-dyndb-ldap
Rob Crittenden
rcritten at redhat.com
Mon Mar 12 18:10:38 UTC 2012
Martin Kosek wrote:
> On Thu, 2012-03-01 at 13:19 +0100, Martin Kosek wrote:
>> These 2 patches change the DNS API to support the last missing bits in
>> new bind-dyndb-ldap:
>>
>> 1) Both global and per-zone forwarders now support a conditional custom
>> port (with format "IP_ADDRESS PORT")
>> 2) Missing global configuration options have been added:
>> * idnsforwardpolicy: Default policy for conditional forwarding
>> * idnsallowsyncptr: Allow globally PTR synchronization for dynamic
>> updates
>> * idnszonerefresh: Default interval between regular polls of the
>> name server for new DNS zones
>>
>> Before these patches are pushed, I will just have to update the minimal
>> bind-dyndb-ldap version (it has not been built yet) which has full
>> support for these.
>>
>> Martin
>
> A new version of bind-dyndb-ldap has been released, attaching a rebased
> patch with a fixed bind-dyndb-ldap version in the spec file.
>
> I also fixed the forwarder format, it should be "$IP port $PORT", not
> "$IP $PORT" as it was in a previous version of the patch. I tested this
> new format with bind-dyndb-ldap, and it forwards the queries properly.
>
> Unfortunately, the fixed version of bind has not been released yet, i.e.
> bind will crash if forwarders are defined both in named.conf and LDAP
> global configuration (dnsconfig-mod).
>
> Martin
The patch itself looks ok, just a couple of general concerns:
1. By default dnsconfig-show displays nothing. This is a little
disconcerting. I don't believe we show empty attributes anywhere else,
not sure if we should make an exception here or show some other message,
perhaps a varying summary?
2. I don't think there is a lot we can do but this still conflicts with
the file-based configuration. For example, someone can add a forwarder
and cause named to not restart the next time because there is also one
defined in named.conf. I'd almost prefer that one win rather than the
daemon not start at all. But for our purposes people may get confused
because they don't see the forwarders they configured at install time
and merely managing this list can break your name server at some
undetermined future point.
rob
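The two points the thread settles on, the "$IP port $PORT" forwarder format and the risk of forwarders being defined in both named.conf and LDAP, can be checked before a value is stored. The following is an added example, not code from the patch or from FreeIPA; the function names, the regex-based named.conf scan and the sample configuration are all constructed here.

```python
import ipaddress
import re

# Forwarder syntax agreed in the thread: "IP" or "IP port PORT".
# Constructed pattern for this example, not FreeIPA's own validator.
_FORWARDER_RE = re.compile(r"^(?P<ip>\S+)(?:\s+port\s+(?P<port>\d+))?$")


def parse_forwarder(value):
    """Return (ip, port) for a forwarder string, or raise ValueError.

    Accepts "192.0.2.1" and "192.0.2.1 port 5353"; rejects the earlier
    "192.0.2.1 5353" spelling that the patch dropped.
    """
    m = _FORWARDER_RE.match(value.strip())
    if m is None:
        raise ValueError("forwarder must be 'IP' or 'IP port PORT': %r" % value)
    ip = str(ipaddress.ip_address(m.group("ip")))  # raises on a bad address
    port = 53 if m.group("port") is None else int(m.group("port"))
    if not 1 <= port <= 65535:
        raise ValueError("port out of range: %d" % port)
    return ip, port


def is_valid_forwarder(value):
    """Boolean wrapper around parse_forwarder for callers that only need yes/no."""
    try:
        parse_forwarder(value)
        return True
    except ValueError:
        return False


def named_conf_forwarders(conf_text):
    """Pull the entries out of a 'forwarders { ...; };' clause.

    A plain regex scan, not a full named.conf parser: enough to detect
    whether the file already carries a forwarder list.
    """
    m = re.search(r"forwarders\s*\{([^}]*)\}", conf_text)
    if m is None:
        return []
    return [tok.strip() for tok in m.group(1).split(";") if tok.strip()]


def conflicting_forwarders(ldap_forwarders, conf_text):
    """True when forwarders exist in both LDAP and named.conf, the case
    reported to crash bind before the fix was released."""
    return bool(ldap_forwarders) and bool(named_conf_forwarders(conf_text))


# Constructed named.conf fragment for the example.
SAMPLE_NAMED_CONF = 'options {\n\tforwarders { 192.0.2.10; 192.0.2.11 port 5353; };\n};\n'
```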