bind 9.11.3 BIND9_FLATFILE update-policy

Andrew Bartlett abartlet at
Wed Oct 10 18:23:37 UTC 2018

On Wed, 2018-10-10 at 14:38 +0300, Sergey Urushkin wrote:
> ---
> Best regards,
> Sergey Urushkin
> Andrew Bartlett писал 2018-10-10 13:04:
> > 
> > Sergey,
> > 
> > Can you fill us in on your use case here?
> Actually, this is just history. When we were migrating from samba3 NT 
> domain (that was 4.0 alfa-beta times) DLZ backend was buggy, didn't work 
> with bind views, didn't support zone types mixing (plain+dlz), dhcp-dns 
> updates (that's what left in my memory, I could be wrong). Every of 
> these problems could be solved in some way, but this required additional 
> configuring, migration and risks, so we decided to do this later. Now 
> all that problems seems to be solved and dlz is really stable, so I 
> don't see any reason for not using DLZ/INTERNAL for new installations. 
> But since we still don't need features of DLZ, we are still PLAIN, 
> that's why I'm voting for supporting this feature :).

The only part of this that can't be supported is views, but that could
be done on another server (with a zone type of forward pointing at
Samba) and leave the Samba server with a simple configuration. 

> May be someone has a configured/patched bind version, so that dlz breaks 
> it, but I haven't met such. If someone has plain backend he knows what 
> he is doing (and can fix config files), so all we need to support this 
> backend without auto-breaking it in the future - is removing 
> dns_update.c code. And for new installations we could describe this 
> backend as DEPRECATED in docs/tools.
> Fixed patch attached.

OK, how about this for a plan:  

* This patch for master, then backported to 4.9 (also removing the
dns_update.c code). 

The rationale is also that we think that kicking bind with a rndc
reload can crash bind (sadly we can't reliably reproduce), we can't do
the version detection at runtime, can't tell if we are in
BIND9_FLATFILE and shouldn't be doing that on a timer tick for 99% of

* Then mark as DEPRECATED and remove BIND9_FLATFILE from provision in
master for 4.10.

We can do this on a more accelerated schedule than normal because
existing installations, unchanged, won't notice anything.

What do you think?  Alternately it might be simpler to just:

* Remove the provision and dns_update.c code from master for 4.10,
leave 4.9 alone.  Bypass our normal feature deprecation rules because
existing installs will continue to just work, add a note to WHATSNEW.


Andrew Bartlett

Andrew Bartlett             
Authentication Developer, Samba Team
Samba Developer, Catalyst IT

More information about the samba-technical mailing list