On 08/15/2011 04:36 PM, Simo Sorce wrote:
> On Mon, 2011-08-15 at 14:20 +0200, Martin Kosek wrote:
>> A new version of bind-dyndb-ldap has been released. Thanks to the new
>> persistent search feature, the name server can immediately pull new DNS
>> zones when they are created in IPA.
>>
>> Since the bind-dyndb-ldap plugin has not been released in F-15 yet, one
>> has to use the provided src.rpm:
>>
>> http://mkosek.fedorapeople.org/bind-dyndb-ldap/srpm/bind-dyndb-ldap-0.2.0-5.fc17.src.rpm
>>
>> or rpms I built for x86_64 F-15:
>>
>> http://mkosek.fedorapeople.org/bind-dyndb-ldap/x86_64/
>>
>> There is one setback though. When I investigated the DNS persistent
>> search behavior, I still missed the ability to detect changes to the DNS
>> zone itself. Adding a record (for example an MX record) to the zone does
>> not trigger an update of the zone in the nameserver cache. We still have
>> to wait for the cache timeout (argument "cache_ttl"). We therefore cannot
>> use this feature as a solution for:
>>
>> https://fedorahosted.org/freeipa/ticket/1114
>> https://fedorahosted.org/freeipa/ticket/1125
>> https://fedorahosted.org/freeipa/ticket/1126
> Is this a bug/deficiency of the plugin? Or is it something that depends
> on named internals somehow?
>
> Simo.
>
Sorry for the late response, I'm finally back from vacation.

There are two separate issues.

The first one is that the plugin didn't purge outdated (i.e.
persistent-search modified) zone data from the cache. A patch for this
issue is attached.

The second issue is that the plugin doesn't recognize newly added
records which have the same FQDN as the zone, for example KX/MX/LOC
records. I haven't found out why this happens yet.

Regards, Adam
From f4ab6f161d29bab81e566b739730b104a8f34545 Mon Sep 17 00:00:00 2001
From: Adam Tkac <at...@redhat.com>
Date: Wed, 10 Aug 2011 16:06:39 +0200
Subject: [PATCH] Expire SOA record in cache when we modify the zone.

Signed-off-by: Adam Tkac <at...@redhat.com>
---
 src/cache.h       |    6 ++++++
 src/ldap_helper.c |    4 ++++
 2 files changed, 10 insertions(+), 0 deletions(-)

diff --git a/src/cache.h b/src/cache.h
index f5956cf..ade5aa5 100644
--- a/src/cache.h
+++ b/src/cache.h
@@ -59,6 +59,12 @@ ldap_cache_addrdatalist(ldap_cache_t *cache, dns_name_t 
*name,
                        ldapdb_rdatalist_t *rdatalist);
 
 /*
+ * Delete matching "name" from the cache.
+ */
+isc_result_t
+ldap_cache_deletename(ldap_cache_t *cache, dns_name_t *name);
+
+/*
  * Returns ISC_TRUE when cache is enabled.
  */
 isc_boolean_t
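Review bot: the prototype added to src/cache.h is named ldap_cache_deletename, but both call sites added in src/ldap_helper.c call discard_from_cache, and the diffstat lists only cache.h and ldap_helper.c, so the definition of neither function is part of this patch. Please include the implementation, or say where discard_from_cache comes from, and use one name consistently. The comment should also state what is returned when "name" has no entry in the cache, since a caller needs to know whether a cache miss counts as an error.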
diff --git a/src/ldap_helper.c b/src/ldap_helper.c
index 96c7349..7214dc1 100644
--- a/src/ldap_helper.c
+++ b/src/ldap_helper.c
@@ -695,6 +695,8 @@ ldap_delete_zone(ldap_instance_t *inst, const char *dn, 
isc_boolean_t lock)
                              result == ISC_R_LOCKBUSY);
                if (result == ISC_R_SUCCESS)
                        unlock = ISC_TRUE;
+
+               CHECK(discard_from_cache(inst->cache, &name));
        }
 
        result = zr_get_zone_ptr(inst->zone_register, &name, &zone);
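Review bot: in ldap_delete_zone the added CHECK(discard_from_cache(inst->cache, &name)) sits inside the enclosing block, after the "if (result == ISC_R_SUCCESS) unlock = ISC_TRUE;" statement rather than under it. It therefore runs even when the preceding lock attempt did not succeed, and it is skipped entirely whenever that block is not entered. If the purge is meant to happen on every zone deletion, move it out of the block. Also consider whether a failed purge should really abort the deletion: if CHECK bails out on a non-success result, zr_get_zone_ptr and the rest of the function never run, and the zone stays registered.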
@@ -758,6 +760,8 @@ ldap_parse_zoneentry(ldap_entry_t *entry, ldap_instance_t 
*inst,
        if (result == ISC_R_SUCCESS)
                unlock = ISC_TRUE;
 
+       CHECK(discard_from_cache(inst->cache, &name));
+
 create:
        /*
         * Check if we are already serving given zone.
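Review bot: in ldap_parse_zoneentry the discard is placed immediately before the create: label, so any path that reaches create: through a goto bypasses it and leaves the old cached data for the zone name in place. If a modified zone can take such a path, move the call below the label, otherwise add a comment explaining why those paths never need the purge. The commit subject says the SOA record is expired, while the call discards by name only. A sentence in the commit message on what exactly is removed for "name" would make the intent reviewable.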
-- 
1.7.6

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
