[fedora-26] named.conf template: update API for bind 9.11 #351

Closed
wants to merge 3 commits into from

@tkrizek tkrizek commented Dec 19, 2016

Please do not merge this patch upstream, we need to have BIND 9.11 available before we do, otherwise it will break DNS installation. This patch is intended for Fedora 26 downstream and I'm only posting it for review.

This patch only fixes DNS for new IPA installations. Another patch for fixing existing named configs is necessary. This will most likely be fixed in bind-dyndb-ldap upstream.


Use the new API for bind 9.11. Removed deprecated "serial_autoincrement"
and updated the rest of configuration to conform to the new format.

https://fedorahosted.org/freeipa/ticket/6565

@tkrizek
Contributor Author

tkrizek commented Dec 19, 2016

The version of BIND in freeipa.spec.in is also subject to change. There is currently a bug that affects named-pkcs11, but not named.

I also have a COPR repo with bind 9.11 for F25. I'm going to add bind-dyndb-ldap v11.0 there as well.

I'll also try to build for Fedora 24.

arg "auth_method sasl";
arg "sasl_mech GSSAPI";
arg "sasl_user DNS/$FQDN";
arg "serial_autoincrement yes";
Contributor

Why was serial autoincrement removed?

Contributor Author

It's an obsolete option that is no longer supported.

@MartinBasti MartinBasti self-assigned this Jan 5, 2017
@MartinBasti
Contributor

How do you solve upgrades F25->F26?

@tkrizek
Contributor Author

tkrizek commented Jan 5, 2017

This fix only applies to new IPA installations.

Upgrade of named.conf will be handled separately by bind-dyndb-ldap. When a new version is installed, a postinstall scriptlet will run a script to transform named.conf to the new format.

@tkrizek
Contributor Author

tkrizek commented Jan 9, 2017

The required version of BIND is subject to change. When a version with the named-pkcs11 issue (BZ 1410433) fixed is released, I will update it. The patch should not be merged until then.

Tomas Krizek added 3 commits January 26, 2017 11:14

Option serial_autoincrement is no longer supported. Remove it from
the named.conf parser and add it to deprecated options to be removed.

https://fedorahosted.org/freeipa/ticket/6565

Use the new API for bind 9.11. Removed deprecated "serial_autoincrement"
and updated the rest of configuration to conform to the new format.

This only fixes new IPA installations. For existing installations,
named.conf will be transformed when the new version of bind-dyndb-ldap
is installed.

https://fedorahosted.org/freeipa/ticket/6565

bind-dyndb-ldap used a custom configuration file format. Since BIND 9.11,
an API was accepted upstream. This caused backward incompatible changes
to the named.conf configuration file used to configure the
bind-dyndb-ldap BIND plugin. Version 11.0 of bind-dyndb-ldap plugin and
BIND 9.11 are required to use with the new config file format.

https://fedorahosted.org/freeipa/ticket/6565

@tkrizek
Contributor Author

tkrizek commented Jan 26, 2017

I've updated the version of BIND and the patch should be complete. I suggest we do a review (you can use https://copr.fedorainfracloud.org/coprs/tkrizek/bind-9.11/ for F24/F25), but delay merging this patch so we do not have to use the COPR for our upstream development until necessary.

@MartinBasti
Contributor

Tested manually

@MartinBasti MartinBasti added the ack Pull Request approved, can be merged label Feb 9, 2017
@MartinBasti MartinBasti added the pushed Pull Request has already been pushed label Feb 9, 2017
@MartinBasti MartinBasti closed this Feb 9, 2017
@tkrizek tkrizek deleted the t6565-named-template branch September 15, 2017 14:14