[Freeipa-devel] [PATCH] 227-228 Add last missing bits in new bind-dyndb-ldap

Petr Spacek pspacek at redhat.com
Tue Mar 13 09:54:42 UTC 2012


On 03/12/2012 07:10 PM, Rob Crittenden wrote:
> Martin Kosek wrote:
>> On Thu, 2012-03-01 at 13:19 +0100, Martin Kosek wrote:
>>> These 2 patches change the DNS API to support the last missing bits in
>>> new bind-dyndb-ldap:
>>>
>>> 1) Both global and per-zone forwarders now support a conditional custom
>>> port (with format "IP_ADDRESS PORT")
>>> 2) Missing global configuration options have been added:
>>> * idnsforwardpolicy: Default policy for conditional forwarding
>>> * idnsallowsyncptr: Allow PTR synchronization globally for dynamic
>>> updates
>>> * idnszonerefresh: Default interval between regular polls of the
>>> name server for new DNS zones
>>>
>>> Before these patches are pushed, I will just have to update the minimal
>>> bind-dyndb-ldap version (it has not been built yet) which has full
>>> support for these.
>>>
>>> Martin
>>
>> New version of bind-dyndb-ldap has been released, attaching a rebased
>> patch with fixed bind-dyndb-ldap version in spec file.
>>
>> I also fixed the forwarder format, it should be "$IP port $PORT", not
>> "$IP $PORT" as it was in a previous version of the patch. I tested this
>> new format with bind-dyndb-ldap; it forwards the queries properly.
>>
>> Unfortunately, the fixed version of bind has not been released yet, i.e.
>> bind will crash if forwarders are defined both in named.conf and LDAP
>> global configuration (dnsconfig-mod).
>>
>> Martin
>
> The patch itself looks ok, just a couple of general concerns:
>
> 1. By default dnsconfig-show displays nothing. This is a little
> disconcerting. I don't believe we show empty attributes anywhere else,
> not sure if we should make an exception here or show some other message,
> perhaps a varying summary?
>
> 2. I don't think there is a lot we can do but this still conflicts with
> the file-based configuration. For example, someone can add a forwarder
> and cause named not to restart the next time because there is also one
> defined in named.conf. I'd almost prefer that one win rather than the
> daemon not start at all. But for our purposes people may get confused
> because they don't see the forwarders they configured at install time
> and merely managing this list can break your name server at some
> undetermined future point.
>
> rob

This problem is in BZ https://bugzilla.redhat.com/show_bug.cgi?id=795414 .

Patch for this is ON_QA in RHEL6 and will be pushed to Fedora at some
point this week. (Adam said this yesterday on IRC.)

Current solution prefers value from LDAP before local configuration.

Petr^2 Spacek
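The forwarder syntax settled on above is "$IP port $PORT" (plain "$IP" when the default port is used); the draft "$IP $PORT" form is invalid. The following is an added example, not code from the FreeIPA patch, of how a CLI-side validator for that syntax could be written: it parses each forwarder string, normalises the address via the standard library so that only real IP literals reach the LDAP config, and rejects the old format and out-of-range ports.

```python
import ipaddress
import re

# Accepted syntax (from the thread): "<IP>" or "<IP> port <PORT>".
# The earlier "<IP> <PORT>" draft has no "port" keyword and does not match.
_FORWARDER_RE = re.compile(r"^(?P<ip>\S+)(?:\s+port\s+(?P<port>\d{1,5}))?$")


def parse_forwarder(value):
    """Return (ip, port) for one forwarder string; port is None if omitted.

    Raises ValueError for the old "<IP> <PORT>" form, a non-address token,
    or a port outside 1..65535.  The address is returned in its normalised
    textual form (e.g. IPv6 compressed, lower-case).
    """
    m = _FORWARDER_RE.match(value.strip())
    if m is None:
        raise ValueError("expected '<IP>' or '<IP> port <PORT>', got %r" % value)
    # ipaddress rejects anything that is not a literal IPv4/IPv6 address,
    # so hostnames or config fragments cannot be smuggled into the value.
    ip = ipaddress.ip_address(m.group("ip"))
    port = m.group("port")
    if port is not None:
        port = int(port)
        if not 1 <= port <= 65535:
            raise ValueError("port out of range: %d" % port)
    return (str(ip), port)


def validate_forwarders(values):
    """Validate a list of forwarder strings; return (accepted, errors)."""
    accepted, errors = [], []
    for v in values:
        try:
            accepted.append(parse_forwarder(v))
        except ValueError as e:
            errors.append((v, str(e)))
    return accepted, errors


if __name__ == "__main__":
    # Constructed sample input (documentation addresses, not real servers).
    sample = ["192.0.2.1", "192.0.2.2 port 5353", "2001:DB8::1 port 53",
              "192.0.2.3 5353", "192.0.2.4 port 70000", "ns1.example.test"]
    ok, bad = validate_forwarders(sample)
    for entry in ok:
        print("accepted:", entry)
    for value, reason in bad:
        print("rejected:", value, "->", reason)
```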
