On 18.4.2016 21:33, Simo Sorce wrote: > On Mon, 2016-04-18 at 17:44 +0200, Petr Spacek wrote: >> * Find, filter and copy hand-made records from main tree into the >> <tt>_locations</tt> sub-trees. This means that every hand-made record >> needs to be copied and synchronized N-times where N = number of IPA >> locations. > > This ^^ seem the one that provides the best semantics for admins and the > least unexpected results. > >> My favorite option for the first version is 'document that enabling >> DNS location will hide hand-made records in IPA domain.' > > I do not think this is acceptable, sorry. > >> The feature is disabled by default and needs additional configuration >> anyway so simply upgrading should not break anything. > > It is also useless this way. > >> I'm eager to hear opinions and answers to questions above. > > HTH,
Well it does not help because you did not answer the questions listed in the design page. Anyway, here is third version of the design. It avoids copying user-made records (basically 2 DNAMEs were replaced with bunch of CNAMEs): http://www.freeipa.org/page/V4/DNS_Location_Mechanism#Design_.28Version_3:_CNAME_per_service_name.29 It seems like a good middle ground: http://www.freeipa.org/page/V4/DNS_Location_Mechanism#Comparison_of_proposals This required changes in RecordGenerator design, too: https://fedorahosted.org/bind-dyndb-ldap/wiki/Design/RecordGenerator Also, CLI was updated to follow Honza's recommendations from previous e-mails: http://www.freeipa.org/page/V4/DNS_Location_Mechanism#CLI Please review. -- Petr^2 Spacek -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code