[Freeipa-devel] [PATCH] 195-199 New DNS features

Rob Crittenden rcritten at redhat.com
Tue Feb 14 14:10:39 UTC 2012


Simo Sorce wrote:
> On Tue, 2012-02-14 at 12:09 +0100, Martin Kosek wrote:
>> A new version of bind-dyndb-ldap has been released, sending fixed
>> patches with the following major changes:
>> - Since bind-dyndb-ldap supports only idnsForwarders global option at
>> this time, all other global options were removed from the API. They
>> were left in the schema though so that the schema is consistent with
>> bind-dyndb-ldap supported schema and the support of these options in
>> the future can be added more seamlessly
>> - idnsAllowQuery and idnsAllowTransfer format has changed to follow
>> BIND format (ACI elements separated with semicolon). An example of such
>> element:
>>
>> ipa dnszone-mod example.com --allow-query="10.0.0.1;!10.0.0.0/8;any;"
>>
>> This ACI would forbid machine from any IP from 10.0.0.0/8 network
>> besides 10.0.0.1 to query the name server. All other machines are
>> allowed to issue queries.
>
> Any good reason why this is not a multi-value attribute ?
> Do these ACIs need to be ordered ? (that would be probably a good
> reason).

That's exactly it!

rob
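
Added example, not part of the original thread and not FreeIPA or bind-dyndb-ldap code: a simplified first-match evaluator for the semicolon-separated list quoted above, showing why element order has to be preserved (values of a multi-valued LDAP attribute carry no guaranteed order). The function names are hypothetical, and only addresses, prefixes and the keyword "any" are handled; keys, named ACLs and nested lists are left out.

```python
import ipaddress

# Value taken from the message above.
ACL = "10.0.0.1;!10.0.0.0/8;any;"


def parse_match_list(value):
    """Return the elements as an ordered list of (negated, network) pairs.

    network is None for the keyword "any".
    """
    elements = []
    for raw in value.split(";"):
        item = raw.strip()
        if not item:
            continue  # the trailing ';' produces an empty element
        negated = item.startswith("!")
        if negated:
            item = item[1:].strip()
        network = None if item == "any" else ipaddress.ip_network(item)
        elements.append((negated, network))
    return elements


def is_allowed(value, client):
    """First matching element decides; no match at all means denied."""
    address = ipaddress.ip_address(client)
    for negated, network in parse_match_list(value):
        if network is None or address in network:
            return not negated
    return False


if __name__ == "__main__":
    for client in ("10.0.0.1", "10.0.0.2", "192.168.1.5"):
        print(client, is_allowed(ACL, client))
    # Same three elements in another order: the exception for 10.0.0.1
    # is now shadowed by the negated /8 that precedes it.
    print(is_allowed("!10.0.0.0/8;10.0.0.1;any;", "10.0.0.1"))
```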



