[Freeipa-devel] [PATCH] 045 Add DNS record modification command

Martin Kosek mkosek at redhat.com
Tue Apr 5 15:59:21 UTC 2011


On Mon, 2011-04-04 at 10:45 -0400, Adam Young wrote:
> On 04/04/2011 10:26 AM, Jakub Hrozek wrote:
> >
> > On 04/04/2011 03:38 PM, Simo Sorce wrote:
> >>> I think that this is kinda hard to do in CLI..in GUI the user can
> >>>> easily pick a record to mod, but for CLI case I would actually lean
> >>>> towards the approach Martin took in his original patch..that is, a
> >>>> -mod replaces the entries altogether.
> >> Why is it hard ?
> >> You just need to provide means to delete and add records in the same
> >> command.
> >>
> >> ipa dnsrecord-mod DNSZONE DNSRECORD --del-a-rec=1.2.3.4 \
> >> --add-a-rec=4.3.2.1
> >>
> >> to replace all:
> >> ipa dnsrecord-mod DNSZONE DNSRECORD --del-all --add-a-rec=4.3.2.1
> >>
> >>
> > I was not trying to say it is not technically doable, but it's hard to
> > use. Imagine how the --help output would look like, if for every RR we
> > would also generate a --del equivalent..even now the output almost
> > doesn't fit on screen.
> I agree.  I am not a fan of the ability to do operations for multiple 
> record types in the same command.  It is strangely inconsistent to be 
> able to add an A Record, CNAME, MX and AAAA record all in the same command.

We are modifying one or more attributes of the LDAP DNS record object -
I don't find it inconsistent. It is the same as when we edit the user,
we can set his email and title using one command.

> I'm starting to think that the dnsrecord should not be a separate entity 
> exposed by the CLI, but instead should be wrapped up into the dnszone 
> entity.  That seems to be how the LDAP object is defined.  We treat each 
> record type as a multi-value field, and we use a consistent look and 
> feel as email addresses and phone numbers in the user object.  Then, 
> modifying an A record is the same as modifying a phone number:  use 
> add-attr/set-addr for each value.
>
> Step one would be to modify the dns zone object to have this API, and to 
> mark the dnsrecord object as deprecated.  We can leave it for the 
> remainder of the release, and remove it in 3.0

In LDAP, we have an object for the zone with Object Classes idnszone and
idnsrecord (e.g. example.com). Then there are LDAP objects representing
DNS records (e.g. www) with OC idnsrecord with the DNS zone object as a
parent. Both DNS zone and DNS record objects can contain the actual DNS
resource records as their attributes (e.g. attribute srvRecord or
aRecord).

I think the current dns plugin reflects this structure well by having
commands for both dnszone and dnsrecords. We need both objects for
managing DNS.

Martin



