On 02/28/2011 12:38 PM, Sumit Bose wrote:
> On Fri, Feb 25, 2011 at 08:05:08AM -0500, Simo Sorce wrote:
>> On Fri, 25 Feb 2011 13:06:22 +0100
>> Sumit Bose <sbose(a)redhat.com> wrote:
>>
>>> Hi,
>>>
>>> this patch should fix trac ticket #810 and fixes pro-actively a
>>> potential issue with the realm.
>>>
>>> bye,
>>> Sumit
>>
>> NACK,
>> not all IPA servers are necessarily also a DNS server.
>> Specifying a server may make the code try to reach a server that
>> doesn't host a DNS instance.
>>
>> I see 2 possibilities here.
>> Try once with the server explicitly and if it fails fall back to letting
>> nsupdate find the server from the SOA record.
>> Or always let nsupdate find the SOA record and try to fall back to
>> explicit server if that fails.
>
> Thank you for the review. I took the second possibility, because I think
> it is the more general approach. There might be one drawback. Depending
> on how the IPA DNS server sets the master name field in the SOA record
> all dynamic updates might be sent to a single server. If you prefer the
> other possibility in this case I can easily modify the patch.
>
> bye,
> Sumit
>
We discussed this approach yesterday on IRC with Simo and the result is
that it's fine. This patch also works OK, so ACK unless Simo has any
other reservations.
A single server is always hit with updates because of a bug in IPA -
Bind instances on replicas are not added as NS records (tracked as
ticket #1034 in freeipa trac).
Jakub