[Freeipa-users] Announcing bind-dyndb-ldap version 5.1

Petr Spacek pspacek at redhat.com
Thu Jul 24 11:03:05 UTC 2014


The FreeIPA team is proud to announce bind-dyndb-ldap version 5.1.

It can be downloaded from https://fedorahosted.org/released/bind-dyndb-ldap/

The new version has also been built for Fedora 20+ and and is on its way to 
updates-testing:
https://admin.fedoraproject.org/updates/bind-dyndb-ldap-5.1-1.fc20

Release to Fedora 'updates' repo will be coordinated with FreeIPA 4.0 release 
to prevent breakages.

== Changes in 5.1 ==
[1] Fix crash during reconnection to LDAP.

== Changes in 5.0 ==
[1] Support for DNSSEC in-line signing was added. Now any LDAP zone can be
     signed with keys provided by user.

[2] DNSKEY, RRSIG, NSEC and NSEC3 records are automatically managed
     by BIND+bind-dyndb-ldap. Respective attributes in LDAP are ignored.

[3] Forwarder semantic was changed to match BIND's semantics:
     - idnsZone object always represents master zone
     - idnsForwardZone object (new) always represents forward zone

[4] Master root zone can be stored in LDAP.


== Upgrading ==
A server can be upgraded by installing updated RPM. BIND has to be restarted 
manually after the RPM installation.

!!! CAUTION !!!
idnsZone object class changed it's semantics in version 5.0. Please read
https://git.fedorahosted.org/cgit/bind-dyndb-ldap.git/plain/README
and update idnsForwarders and idnsForward policy attributes in your DNS zones 
accordingly.

Transition from idnsZone to idnsForwardZone object class can be made seamless 
if you change data in LDAP before you upgrade to version 5.x. All 
bind-dyndb-ldap versions >= 3.0 support the idnsForwardZone object class.


Users of FreeIPA < 4.0 should be careful when upgrading bind-dyndb-ldap to 
version >= 5.0 (if they do not upgrade to FreeIPA 4.x at the same time).

Configuration semantics related to conditional (per-zone) forwarding has 
changed and FreeIPA < 4.0 doesn't have appropriate user interface and API.

It is safe to upgrade if you use *only* global forwarders (shown by 'ipa 
dnsconfig-show') and *do not* use per-zone forwarders (shown by 'ipa 
dnszone-show').

Don't hesitate to ask freeipa-users mailing list if you need help with upgrade.
!!! CAUTION !!!

Downgrading back to any 4.x version is supported.


== Feedback ==
Please provide comments, report bugs and send any other feedback via the 
freeipa-users mailing list:
http://www.redhat.com/mailman/listinfo/freeipa-users

-- 
Petr^2 Spacek




More information about the Freeipa-users mailing list