[Freeipa-devel] [PATCH] 227-228 Add last missing bits in new bind-dyndb-ldap

Rob Crittenden rcritten at redhat.com
Tue Mar 20 14:27:18 UTC 2012


Martin Kosek wrote:
> On Tue, 2012-03-13 at 10:54 +0100, Petr Spacek wrote:
>> On 03/12/2012 07:10 PM, Rob Crittenden wrote:
>>> Martin Kosek wrote:
>>>> On Thu, 2012-03-01 at 13:19 +0100, Martin Kosek wrote:
>>>>> These 2 patches change the DNS API to support the last missing bits in
>>>>> new bind-dyndb-ldap:
>>>>>
>>>>> 1) Both global and per-zone forwarders now support a conditional custom
>>>>> port (with format "IP_ADDRESS PORT")
>>>>> 2) Missing global configuration options have been added:
>>>>> * idnsforwardpolicy: Default policy for conditional forwarding
>>>>> * idnsallowsyncptr: Allow globally PTR synchronization for dynamic
>>>>> updates
>>>>> * idnszonerefresh: Default interval between regular polls of the
>>>>> name server for new DNS zones
>>>>>
>>>>> Before these patches are pushed, I will just have to update the minimal
>>>>> bind-dyndb-ldap version (it has not been built yet) which has full
>>>>> support for these.
>>>>>
>>>>> Martin
>>>>
>>>> New version of bind-dyndb-ldap has been released, attaching a rebased
>>>> patch with fixed bind-dyndb-ldap version in spec file.
>>>>
>>>> I also fixed the forwarder format, it should be "$IP port $PORT", not
>>>> "$IP $PORT" as it was in a previous version of the patch. I tested this
>>>> new format with bind-dyndb-ldap; it forwards the queries properly.
>>>>
>>>> Unfortunately, the fixed version of bind has not been released yet, i.e.
>>>> bind will crash if forwarders are defined both in named.conf and LDAP
>>>> global configuration (dnsconfig-mod).
>>>>
>>>> Martin
>>>
>>> The patch itself looks ok, just a couple of general concerns:
>>>
>>> 1. By default dnsconfig-show displays nothing. This is a little
>>> disconcerting. I don't believe we show empty attributes anywhere else,
>>> not sure if we should make an exception here or show some other message,
>>> perhaps a varying summary?
>>>
>>> 2. I don't think there is a lot we can do but this still conflicts with
>>> the file-based configuration. For example, someone can add a forwarder
>>> and cause named to not restart the next time because there is also one
>>> defined in named.conf. I'd almost prefer that one win rather than the
>>> daemon not start at all. But for our purposes people may get confused
>>> because they don't see the forwarders they configured at install time
>>> and merely managing this list can break your name server at some
>>> undetermined future point.
>>>
>>> rob
>>
>> This problem is in BZ https://bugzilla.redhat.com/show_bug.cgi?id=795414.
>>
>> Patch for this is ON_QA in RHEL6 and will be pushed to Fedora at some
>> point this week. (This Adam said yesterday on IRC.)
>>
>> Current solution prefers value from LDAP before local configuration.
>>
>> Petr^2 Spacek
>>
>
> The fix for this BZ has been backported to Fedora 16 and released to
> updates-testing:
> https://admin.fedoraproject.org/updates/FEDORA-2012-4091/bind-9.8.2-0.4.rc2.fc16
>
> Attaching a patch which properly forbids conflicts with older versions
> of bind. The new bind should no longer crash when a configuration
> option like forwarders is defined both in LDAP and named.conf.
>
> Martin

ACK to both
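As an added illustration, not part of the patch or the FreeIPA code base, a small Python check for the two points raised in the thread: the "$IP port $PORT" forwarder syntax (rejecting the older "$IP $PORT" form), and detecting when a global option such as forwarders is set both in named.conf and in the LDAP global configuration, the combination that crashed older bind. The attribute-to-option mapping, the helper names and the sample inputs are constructed assumptions.

```python
import ipaddress
import re

# Forwarder syntax from the thread: "IP" or "IP port PORT".  The earlier
# "IP PORT" form (no "port" keyword) must be rejected.
_FORWARDER_RE = re.compile(r"^(?P<ip>\S+)(?:\s+port\s+(?P<port>\d{1,5}))?$")

# LDAP global-config attribute -> named.conf option it collides with.
# Constructed mapping; only the two options the thread names are covered.
LDAP_TO_NAMED = {"idnsForwarders": "forwarders", "idnsForwardPolicy": "forward"}


def parse_forwarder(value):
    """Return (ip, port) for a valid forwarder string (port is None when
    omitted); raise ValueError for the old "IP PORT" form or bad values."""
    m = _FORWARDER_RE.match(value.strip())
    if not m:
        raise ValueError("invalid forwarder syntax: %r" % value)
    try:
        ip = ipaddress.ip_address(m.group("ip"))
    except ValueError:
        raise ValueError("not an IP address: %r" % m.group("ip")) from None
    port = m.group("port")
    if port is not None:
        port = int(port)
        if not 1 <= port <= 65535:
            raise ValueError("port out of range: %d" % port)
    return str(ip), port


def named_conf_options(text):
    """Collect option names set in a named.conf 'options' block (simple
    line-based scan, enough for the constructed sample below)."""
    block = re.search(r"options\s*\{(.*?)\n\};", text, re.S)
    if not block:
        return set()
    return set(re.findall(r"^\s*(\w+)\s*(?:\{|[^;{]*;)", block.group(1), re.M))


def find_conflicts(named_conf_text, ldap_config):
    """Return LDAP attributes that are set and whose named.conf counterpart
    is also present, i.e. the duplicate definitions older bind crashed on."""
    present = named_conf_options(named_conf_text)
    return sorted(a for a, v in ldap_config.items()
                  if v and LDAP_TO_NAMED.get(a) in present)


# Constructed sample inputs, not taken from any real deployment.
SAMPLE_NAMED_CONF = """options {
    directory "/var/named";
    forwarders { 192.0.2.1; };
};"""
SAMPLE_LDAP = {"idnsForwarders": ["192.0.2.53 port 5353"], "idnsForwardPolicy": None}
```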
