[Freeipa-devel] Support for Bind forward zones

Alexander Bokovoy abokovoy at redhat.com
Fri Dec 9 10:33:39 UTC 2011


On Fri, 09 Dec 2011, Martin Kosek wrote:
> This is my idea of what could be done:
> 1) Introduce a new objectClass "idnsConfigObject" which would hold all
> bind-dyndb-ldap global settings attributes. I would add the following
> attributes:
> * idnsAllowSyncPTR: global setting with the semantics of sync_ptr in
> named.conf.
> * dnsForwardPolicy
> * idnsForwarders
> * idnsZoneRefresh (zone_refresh argument in named.conf)
> * idnsPersistentSearch (psearch argument in named.conf)
> 
> 2) Create a config object in FreeIPA (in replicated space):
> cn=dns,cn=etc,$SUFFIX
> 
> 3) Add support for this global settings object to bind-dyndb-ldap and
> create a config option in named.conf pointing to the global config base
> DN:
> dynamic-db "ipa" {
> ...
>     arg "config_base cn=dns,cn=etc,dc=example,dc=com";
> ...
> };
> 
> 4) Add API for global DNS config to FreeIPA server. Example commands:
> $ ipa dnsconfig-show
> $ ipa dnsconfig-mod --forwarders=10.0.0.1,10.0.0.2 --forward-policy=only
I agree with the latter approach. It looks cleaner and also allows us to
properly handle a replicated DNS setup.

-- 
/ Alexander Bokovoy
