bind 9.11.3 BIND9_FLATFILE update-policy
Andrew Bartlett
abartlet at samba.org
Wed Oct 10 18:23:37 UTC 2018
On Wed, 2018-10-10 at 14:38 +0300, Sergey Urushkin wrote:
> ---
> Best regards,
> Sergey Urushkin
>
>
> Andrew Bartlett писал 2018-10-10 13:04:
> >
> > Sergey,
> >
> > Can you fill us in on your use case here?
>
> Actually, this is just history. When we were migrating from samba3 NT
> domain (that was 4.0 alfa-beta times) DLZ backend was buggy, didn't work
> with bind views, didn't support zone types mixing (plain+dlz), dhcp-dns
> updates (that's what left in my memory, I could be wrong). Every of
> these problems could be solved in some way, but this required additional
> configuring, migration and risks, so we decided to do this later. Now
> all that problems seems to be solved and dlz is really stable, so I
> don't see any reason for not using DLZ/INTERNAL for new installations.
> But since we still don't need features of DLZ, we are still PLAIN,
> that's why I'm voting for supporting this feature :).
The only part of this that can't be supported is views, but that could
be done on another server (with a zone type of forward pointing at
Samba) and leave the Samba server with a simple configuration.
> May be someone has a configured/patched bind version, so that dlz breaks
> it, but I haven't met such. If someone has plain backend he knows what
> he is doing (and can fix config files), so all we need to support this
> backend without auto-breaking it in the future - is removing
> dns_update.c code. And for new installations we could describe this
> backend as DEPRECATED in docs/tools.
>
> Fixed patch attached.
OK, how about this for a plan:
* This patch for master, then backported to 4.9 (also removing the
dns_update.c code).
The rationale is also that we think that kicking bind with a rndc
reload can crash bind (sadly we can't reliably reproduce), we can't do
the version detection at runtime, can't tell if we are in
BIND9_FLATFILE and shouldn't be doing that on a timer tick for 99% of
installs.
* Then mark as DEPRECATED and remove BIND9_FLATFILE from provision in
master for 4.10.
We can do this on a more accelerated schedule than normal because
existing installations, unchanged, won't notice anything.
What do you think? Alternately it might be simpler to just:
* Remove the provision and dns_update.c code from master for 4.10,
leave 4.9 alone. Bypass our normal feature deprecation rules because
existing installs will continue to just work, add a note to WHATSNEW.
Thanks,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list