Learn more about these different git repos.
Other Git URLs
Related to IPA ticket: https://fedorahosted.org/freeipa/ticket/2554
In multi-master environment is hard to maintain SOA serial number in right way from bind-dyndb-ldap plugin. It should be done inside Directory server plugin.
It is necessary to reflect latest SOA value in plugin: It means provide option "do not update & do not cache SOA serial number".
Further investigation needed: How it will interact with BIND dynamic update log and IXFR support?
This approach was obsoleted by independent SOA serial number on each IPA server.
Discussion: https://www.redhat.com/archives/freeipa-devel/2012-May/msg00047.html
Zone transfer RFE: https://bugzilla.redhat.com/show_bug.cgi?id=766233
Solution for SOA serial incrementation described in ticket #67 was implemented to FreeIPA 3.0. Unfortunatelly, major disadvantages were discovered after FreeIPA 3.0 release.
Found problems:
This ticket is about implementing another way for SOA serial implementation:
Related to FreeIPA ticket #3347.
Solution described ​Design document is hard to implement correctly, because 389 DS doesn't have proper structures for representing each DNS zone and atomic incrementich serial for each zone separately.
As an interim solution I implemented simple 389 DS plugin which adds missing idnsSOAserial attribute if necessary. The 389 plugin is part of FreeIPA source tree, see [e-mail thread with the patch] and https://fedorahosted.org/freeipa/changeset/6f395d9ede7e20305e90c0c6b3150307277081c3/ FreeIPA commit 6f395d9ede7e20305e90c0c6b3150307277081c3.
idnsSOAserial
For now, the incrementation logic is still part of bind-dyndb-ldap. I will leave this ticket open.
The proposed approarch seems unreasonable, as seen in the light of latest DNSSEC development.
Metadata Update from @pspacek: - Issue assigned to pspacek - Issue set to the milestone: Fedora 19
Login to comment on this ticket.