[Freeipa-devel] [PATCH] 227-228 Add last missing bits in new bind-dyndb-ldap

Martin Kosek mkosek at redhat.com
Tue Mar 20 14:41:19 UTC 2012


On Tue, 2012-03-20 at 10:27 -0400, Rob Crittenden wrote:
> Martin Kosek wrote:
> > On Tue, 2012-03-13 at 10:54 +0100, Petr Spacek wrote:
> >> On 03/12/2012 07:10 PM, Rob Crittenden wrote:
> >>> Martin Kosek wrote:
> >>>> On Thu, 2012-03-01 at 13:19 +0100, Martin Kosek wrote:
> >>>>> These 2 patches change the DNS API to support the last missing bits in
> >>>>> new bind-dyndb-ldap:
> >>>>>
> >>>>> 1) Both global and per-zone forwarders now support a conditional custom
> >>>>> port (with format "IP_ADDRESS PORT")
> >>>>> 2) Missing global configuration options have been added:
> >>>>> * idnsforwardpolicy: Default policy for conditional forwarding
> >>>>> * idnsallowsyncptr: Allow PTR synchronization globally for dynamic
> >>>>> updates
> >>>>> * idnszonerefresh: Default interval between regular polls of the
> >>>>> name server for new DNS zones
> >>>>>
> >>>>> Before these patches are pushed, I will just have to update the minimal
> >>>>> bind-dyndb-ldap version (it has not been built yet) which has full
> >>>>> support for these.
> >>>>>
> >>>>> Martin
> >>>>
> >>>> New version of bind-dyndb-ldap has been released, attaching a rebased
> >>>> patch with fixed bind-dyndb-ldap version in spec file.
> >>>>
> >>>> I also fixed the forwarder format, it should be "$IP port $PORT", not
> >>>> "$IP $PORT" as it was in a previous version of the patch. I tested this
> >>>> new format with bind-dyndb-ldap and it forwards the queries properly.
> >>>>
> >>>> Unfortunately, the fixed version of bind has not been released yet, i.e.
> >>>> bind will crash if forwarders are defined both in named.conf and LDAP
> >>>> global configuration (dnsconfig-mod).
> >>>>
> >>>> Martin
> >>>
> >>> The patch itself looks ok, just a couple of general concerns:
> >>>
> >>> 1. By default dnsconfig-show displays nothing. This is a little
> >>> disconcerting. I don't believe we show empty attributes anywhere else,
> >>> not sure if we should make an exception here or show some other message,
> >>> perhaps a varying summary?
> >>>
> >>> 2. I don't think there is a lot we can do but this still conflicts with
> >>> the file-based configuration. For example, someone can add a forwarder
> >>> and cause named to not restart the next time because there is also one
> >>> defined in named.conf. I'd almost prefer that one win rather than the
> >>> daemon not start at all. But for our purposes people may get confused
> >>> because they don't see the forwarders they configured at install time,
> >>> and merely managing this list can break your name server at some
> >>> undetermined future point.
> >>>
> >>> rob
> >>
> >> This problem is in BZ https://bugzilla.redhat.com/show_bug.cgi?id=795414 .
> >>
> >> Patch for this is ON_QA in RHEL6 and will be pushed to Fedora at some
> >> point this week. (This Adam said yesterday on IRC.)
> >>
> >> Current solution prefers value from LDAP before local configuration.
> >>
> >> Petr^2 Spacek
> >>
> >
> > The fix for this BZ has been backported to Fedora 16 and released to
> > updates-testing:
> > https://admin.fedoraproject.org/updates/FEDORA-2012-4091/bind-9.8.2-0.4.rc2.fc16
> >
> > Attaching a patch which properly forbids conflicts with older versions
> > of bind. The new bind should no longer crash when a configuration
> > option like forwarders is defined both in LDAP and named.conf.
> >
> > Martin
> 
> ACK to both
> 

Thanks. Pushed to master, ipa-2-2.

Martin
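The forwarder value format discussed in the thread ("$IP" on its own or "$IP port $PORT", with the earlier "$IP $PORT" form rejected), as an added validation example that is not part of the patch or of FreeIPA's own code; it assumes both IPv4 and IPv6 forwarders are acceptable and defaults to port 53 as BIND does:

```python
import ipaddress
import re

# Constructed check for the idnsForwarders value format described above:
# "$IP" or "$IP port $PORT". Assumptions: IPv4 and IPv6 are both allowed,
# and a missing port means 53. This is illustrative, not FreeIPA's validator.
_FORWARDER_RE = re.compile(r"^(?P<ip>\S+)(?:\s+port\s+(?P<port>\d{1,5}))?$")


def parse_forwarder(value):
    """Return (ip, port) for a valid forwarder string, else raise ValueError."""
    m = _FORWARDER_RE.match(value.strip())
    if m is None:
        # Covers the old "$IP $PORT" form: no "port" keyword between the fields.
        raise ValueError(f"forwarder must be '$IP' or '$IP port $PORT': {value!r}")
    try:
        ip = ipaddress.ip_address(m.group("ip"))
    except ValueError:
        raise ValueError(f"invalid IP address in forwarder: {value!r}")
    port = 53 if m.group("port") is None else int(m.group("port"))
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range in forwarder: {value!r}")
    return str(ip), port


def is_valid_forwarder(value):
    """Boolean convenience wrapper around parse_forwarder()."""
    try:
        parse_forwarder(value)
        return True
    except ValueError:
        return False


def validate_forwarders(values):
    """Parse a whole forwarder list, reporting every bad entry at once."""
    parsed, errors = [], []
    for v in values:
        try:
            parsed.append(parse_forwarder(v))
        except ValueError as e:
            errors.append(str(e))
    if errors:
        raise ValueError("; ".join(errors))
    return parsed


if __name__ == "__main__":
    # Constructed sample values: documentation addresses, not real servers.
    for v in ["192.0.2.1", "192.0.2.1 port 5353", "2001:db8::1 port 53", "192.0.2.1 5353"]:
        print(f"{v!r:30} -> {'ok ' + str(parse_forwarder(v)) if is_valid_forwarder(v) else 'rejected'}")
```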
