[Freeipa-devel] [PATCH 0155] DNS server upgrade: do not fail when DNS server did not respond

Martin Basti mbasti at redhat.com
Thu Aug 11 15:38:38 UTC 2016



On 11.08.2016 15:18, Petr Spacek wrote:
> On 11.8.2016 15:08, Petr Spacek wrote:
>> Hello,
>>
>> DNS server upgrade: do not fail when DNS server did not respond
>>
>> Previously, update_dnsforward_emptyzones failed with an exception if
>> DNS query failed for some reason. Now the error is logged and upgrade
>> continues.
>>
>> I assume that this is okay because the DNS query is used as heuristics
>> of last resort in the upgrade logic and failure to do so should not have
>> catastrophic consequences: In the worst case, the admin needs to
>> manually change forwarding policy from 'first' to 'only'.
>>
>> In the end I have decided not to auto-start BIND because BIND depends on
>> GSSAPI for authentication, which in turn depends on KDC ... Alternatives
>> like reconfiguring BIND to use LDAPI+EXTERNAL and reconfiguring DS to
>> accept LDAP external bind from named user are too complicated.
>>
>> https://fedorahosted.org/freeipa/ticket/6205
> Here is variant for master branch. Enjoy.
>
ACK



