[Freeipa-interest] Announcing bind-dyndb-ldap version 4.1
Petr Spacek
2014-02-24 14:46:40 UTC
The FreeIPA team is proud to announce bind-dyndb-ldap version 4.1.

It can be downloaded from https://fedorahosted.org/released/bind-dyndb-ldap/

The new version has also been built for Fedora 20 and is on its way to
updates-testing:
https://admin.fedoraproject.org/updates/bind-dyndb-ldap-4.1-1.fc20

This release *requires an LDAP server with support for RFC 4533* (aka
SyncRepl) and contains other significant changes.

Please read all the following text! :-)


== Changes in 4.0 and 4.1 ==
[1] Persistent search and zone refresh were replaced by RFC 4533 (SyncRepl).
Options zone_refresh, cache_ttl and psearch were removed.
LDAP attributes idnsZoneRefresh and idnsPersistentSearch were removed.
https://fedorahosted.org/bind-dyndb-ldap/ticket/120

[2] Internal database was re-factored and replaced by RBT DB from BIND 9.
As a result, read-query performance is nearly the same as with plain BIND.
Wildcard records are supported and queries for non-existing records
do not impose additional load on LDAP server.
https://fedorahosted.org/bind-dyndb-ldap/ticket/95
https://fedorahosted.org/bind-dyndb-ldap/ticket/6

[3] Plug-in creates journal file for each DNS zone in LDAP. This allows us
to support IXFR. Working directory has to be writable by named,
please see README - configuration option "directory".
https://fedorahosted.org/bind-dyndb-ldap/ticket/64

[4] SOA serial auto-increment feature is now mandatory. The plugin has to have
write access to LDAP.
(Proper SOA serial maintenance is required for journaling.)

[5] Data are not served to clients until initial synchronization with LDAP
is finished. All queries are answered with NXDOMAIN during synchronization.

[6] Crash caused by invalid SOA record was fixed.

[7] Empty instance names (specified by "dynamic-db" directive) were disallowed.

[8] Typo in LDAP schema was fixed.
https://fedorahosted.org/bind-dyndb-ldap/ticket/121

[9] Minor bugs in error handling found by static code analyzers were fixed.

Known problems and limitations
[1] LDAP MODRDN (rename) is not supported at the moment.

[2] Zones enabled at run-time are not loaded properly.
You have to restart BIND after changing idnsZoneActive attribute to TRUE.

[3] Zones and records deleted when connection to LDAP is down are not
refreshed properly after re-connection.
You have to restart BIND to restore consistency.


== Upgrading ==
A server can be upgraded by installing updated RPM. BIND has to be restarted
manually after the RPM installation.

*Make sure that BIND can write to working directory as described in README*
before you restart BIND.

You will need to clean up configuration file /etc/named.conf if your
configuration contains typos or other unsupported options.

Downgrading back to any 3.x version is supported as long as record types not
supported by old version are not utilized.


== Feedback ==
Please provide comments, report bugs and send any other feedback via the
freeipa-users mailing list:
http://www.redhat.com/mailman/listinfo/freeipa-users
--
Petr Spacek
Software engineer
Red Hat
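
Added example (not part of the announcement or the project's code): a pre-upgrade check that reports any of the options removed in 4.x (zone_refresh, cache_ttl, psearch) still set in named.conf, so they can be cleaned up before BIND is restarted. It assumes plugin options are written as `arg "name value";` lines inside the dynamic-db block; the function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Options the announcement lists as removed in bind-dyndb-ldap 4.x.
REMOVED_OPTS="zone_refresh cache_ttl psearch"

# Constructed sample configuration (illustrative, not from a real server).
sample_conf() {
cat <<'EOF'
options { directory "/var/named"; };
dynamic-db "ipa" {
    library "ldap.so";
    arg "uri ldap://ldap.example.com";
    arg "base cn=dns, dc=example, dc=com";
    arg "cache_ttl 300";
    arg "psearch yes";
    // arg "zone_refresh 30";
    arg "auth_method none";
};
EOF
}

# Print "LINE:OPTION" for each removed option still configured.
# Returns 0 if none are found, 1 if any are found, 2 if the file is unreadable.
# Assumption: options use the  arg "name value";  form. Lines starting with
# '#' or '//' are skipped; C-style /* */ comment blocks are not handled.
find_removed_opts() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    awk -v opts="$REMOVED_OPTS" '
        BEGIN { n = split(opts, want, " ") }
        /^[ \t]*(#|\/\/)/ { next }
        {
            if (match($0, /arg[ \t]+"[ \t]*[A-Za-z_]+/)) {
                name = substr($0, RSTART, RLENGTH)
                sub(/^arg[ \t]+"[ \t]*/, "", name)   # keep only the option name
                for (i = 1; i <= n; i++)
                    if (name == want[i]) { print NR ":" name; found = 1 }
            }
        }
        END { exit (found ? 1 : 0) }
    ' "$conf"
}

# Usage: sh check.sh /etc/named.conf
if [ "$#" -gt 0 ]; then
    find_removed_opts "$1"
fi
```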