Make it possible to set up named in such a way that it does not serve anything if LDAP is not available.
https://www.redhat.com/archives/freeipa-users/2014-October/msg00016.html
LDAP server is not reachable when IPA is down so BIND cannot see zones in LDAP and "global" forwarding in named.conf causes that it accidentally works for you
Since unreachable LDAP server can cause bind to forward requests for zones it shouldn't be forwarding, either make it possible to cache the list of zones that were seen as stored in the LDAP database the last time things worked and only forward request for the other ones, or refuse to serve anything because without the LDAP access we do not know which zones should be forwarded and which shouldn't.
I'd argue that it's better to return error than to give an answer which shouldn't be given.
Not sure.
Petr Š. notes that in the past named refused to start when LDAP was not available. Due to the service start ordering this caused issues and was thus removed:
https://bugzilla.redhat.com/show_bug.cgi?id=662930
I'd argue that named probably shouldn't refuse to start if it's waiting for localhost LDAP (or any LDAP for that matter) but it also shouldn't be forwarding everything.
Another alternative is to store list-of-zones-seen-last-time somewhere on disk and refuse to serve only these domains.
Results of planning meeting held on 2014-11-04.
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1207545
These tickets are not directly related to upcoming FreeIPA 4.4 features.
Moving tickets as triaged on 2016-02-11 with mkosek. These tickets are not going to be implemented without strong need/good justification.
I'm setting priority to 'critical' so these tickets stay on top of The Backlog bucket.
Metadata Update from @mkosek: - Issue assigned to someone - Issue set to the milestone: The Backlog
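The two fail-closed options discussed in this ticket (refuse everything when the zone list is unknown, or keep a zones-seen-last-time list on disk and refuse only those zones), sketched as decision logic. This is an added illustration, not bind-dyndb-ldap or BIND code; the function names, the `Action` values and the JSON cache file are assumptions made for the example.

```python
import json
import os
import tempfile
from enum import Enum


class Action(Enum):
    ANSWER = "answer from LDAP-backed zone data"
    FORWARD = "send to global forwarders"
    SERVFAIL = "return SERVFAIL"


def _labels(name):
    # Lower-case, drop the trailing dot, split into DNS labels.
    return [l for l in name.lower().rstrip(".").split(".") if l]


def in_zone(qname, zone):
    # Label-wise suffix match, so "notipa.test" is not inside "ipa.test".
    q, z = _labels(qname), _labels(zone)
    return len(z) <= len(q) and q[len(q) - len(z):] == z


def save_zone_cache(path, zones):
    # Hypothetical on-disk cache; written atomically so a crash cannot truncate it.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as fh:
        json.dump(sorted(zones), fh)
    os.replace(tmp, path)


def load_zone_cache(path):
    # None means "no usable list", which is not the same as an empty list.
    try:
        with open(path) as fh:
            zones = json.load(fh)
    except (OSError, ValueError):
        return None
    return zones if isinstance(zones, list) else None


def decide(qname, ldap_up, live_zones, cache_path):
    if ldap_up:
        hit = any(in_zone(qname, z) for z in live_zones)
        return Action.ANSWER if hit else Action.FORWARD
    cached = load_zone_cache(cache_path)
    if cached is None:
        return Action.SERVFAIL  # zone list unknown: refuse everything
    if any(in_zone(qname, z) for z in cached):
        return Action.SERVFAIL  # our zone, data unavailable: never forward it
    return Action.FORWARD
```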