#649 Reflect DNS changes in bind-dyndb-ldap cache immediately
Closed: Fixed None Opened 9 years ago by admiyo.

DNS management is tricky due to caching issues. One thing that DNS servers frequently require is a "kick" or manual push of the DNS issues to the other servers. Thus, on the zone details page, we should have a button that triggers a sync of DNS info out to other servers.

If the full persistent search is implemented, the changes would be reflected in bind-dyndb-ldap immediately without a need to push any button or reload name server. There is a feature tracking ticket here:


Are we talking about syncing with other replicas or other DNS servers outside the domain?
If replicas then it should already happen automatically. If we are talking about syncing with other servers outside domain let us have a CLI for this first.

This should be handled when this bug is addressed in the bind-dyndb-ldap plugin:

Leaving this in 2.1 for now. Currently this is still not possible in bind-dyndb-ldap and it may never appear as a "button" to be pressed.

Implementation for FreeIPA part is ready. Waiting for bind-dyndb-ldap features that the patch depends on to be completed. Pushing to July milestone.

Moving to Assigned as implementation is ready and I am just waiting for bind-dyndb-ldap fix.

Moving to the next milestone - changes to bind-dyndb-ldap are not done yet.

This would be fixed if


is fixed. Moving to 3.0 as the bug above was scheduled for RHEL 6.3.

Renaming the ticket to reflect the planned changes more.

I think this ticket belongs to the core effort.

Fixed in bind-dyndb-ldap upstream:


This ticket will serve as a tracking ticket until updated bind-dyndb-ldap is released.

How to test:

  1. Install FreeIPA with DNS support
  2. Check that persistent search is not set. /etc/named.conf should contain

    dynamic-db "ipa" {
        arg "zone_refresh 30";
        arg "psearch no";

Test that zones are propagated to bind, with some delay, without persistent search enabled

  1. Add new zone:

    ipa dnszone-add example.com --name-server=hostname

  2. Test if it is returned by bind:

    dig -t soa example.com

The new zone should be returned after some delay (30s max).

Test that modified records are propagated to bind, with some delay, without persistent search enabled

  1. Create a DNS record

    ipa dnsrecord-add example.com foo1 --a-rec=

  2. Ask for it so that it is placed in bind-dyndb-ldap cache

    dig foo1.example.com

  3. Modify the record in the server:

    ipa dnsrecord-add example.com foo1 --a-rec=

    Record name: foo1
    A record:,

  4. Try to get the changed record:

    dig foo1.example.com

The modified record should be returned after some delay (30s max).

Now, let's enable persistent search in /etc/named.conf:

    dynamic-db "ipa" {
        arg "zone_refresh 0";
        arg "psearch yes";

Then, when named is restarted and persistent search is thus activated, both the zone and the record should be created/updated immediately.
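The test plan above checks propagation by hand with dig. The following shell script is an added example, not part of the ticket or of FreeIPA/bind-dyndb-ldap: it reads `psearch` and `zone_refresh` out of the `dynamic-db "ipa"` block of a named.conf, derives the maximum delay a change may take to appear (0 with persistent search, `zone_refresh` otherwise), and polls a lookup command until the expected answer shows up or that bound is exceeded. The config file contents, the record value 10.0.0.1 and the function names are constructed for the example.

```shell
#!/bin/sh
# Added example: derive the expected bind-dyndb-ldap propagation bound from
# named.conf and poll for a DNS change within it.

# Print the value of one "arg" inside the dynamic-db "ipa" block of a named.conf.
# Usage: dyndb_arg <named.conf> <arg name>     e.g. dyndb_arg /etc/named.conf psearch
dyndb_arg() {
    sed -n '/^[[:space:]]*dynamic-db[[:space:]]*"ipa"[[:space:]]*{/,/^[[:space:]]*};/p' "$1" \
      | sed -n "s/^[[:space:]]*arg[[:space:]]*\"$2[[:space:]]\{1,\}\([^\"]*\)\";.*/\1/p" \
      | head -n 1
}

# Upper bound (seconds) for an LDAP change to be visible in named:
# immediate with psearch enabled, otherwise the zone_refresh interval.
expected_delay() {
    psearch=$(dyndb_arg "$1" psearch)
    refresh=$(dyndb_arg "$1" zone_refresh)
    if [ "$psearch" = "yes" ]; then echo 0
    elif [ -n "$refresh" ]; then echo "$refresh"
    else echo unknown; fi
}

# Run a lookup command once per second until its output contains the expected
# string or <max_seconds> have elapsed. Prints elapsed seconds; exit 1 on timeout.
# Usage: wait_for_answer <max_seconds> <expected> <cmd...>
# Real use: wait_for_answer "$(expected_delay /etc/named.conf)" 10.0.0.1 dig +short foo1.example.com
wait_for_answer() {
    max=$1; want=$2; shift 2
    elapsed=0
    while :; do
        if "$@" 2>/dev/null | grep -q -- "$want"; then echo "$elapsed"; return 0; fi
        [ "$elapsed" -ge "$max" ] && { echo "$elapsed"; return 1; }
        sleep 1; elapsed=$((elapsed + 1))
    done
}

# Constructed sample (not a real /etc/named.conf): the non-psearch config from the ticket.
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
dynamic-db "ipa" {
    arg "zone_refresh 30";
    arg "psearch no";
};
EOF
echo "psearch=$(dyndb_arg "$SAMPLE_CONF" psearch): expect changes within $(expected_delay "$SAMPLE_CONF")s"
```

With the second config from the ticket (`psearch yes`) `expected_delay` reports 0, so any non-zero wait reported by `wait_for_answer` is a regression of the immediate update this ticket is about.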

Moving to next month iteration.

Metadata Update from @admiyo:
- Issue assigned to mkosek
- Issue set to the milestone: FreeIPA 2.2 Core Effort - 2012/02

