https://bugzilla.redhat.com/show_bug.cgi?id=815621 (Red Hat Enterprise Linux 7)
Description of problem: IPA/IdM has no awareness of network topology and no mechanism for preferring local servers over ones that may be across a slow WAN segment. BIND views are a way to accomplish this.

Ideally the IPA / IdM administrator would be able to group together networks [x.x.x.x/xx] in a way that designates a site, and IPA will help clients prefer servers inside the site. Sites could be implemented as a list of networks tied to a site name. Support for networks that aren't part of IPA DNS is required.

Server preference would be accomplished by IPA automatically maintaining BIND VIEWS for each site so that depending on what site the client is querying from, BIND orders the DNS query results such that local addresses are first. A view like: match-clients {"any"; }; // all other hosts would match clients that aren't in any defined site.

Since this feature depends on an interaction between the IPA configuration and BIND, it would be unavailable to people using external DNS.

A good example of using BIND VIEWS clauses is provided here: http://wiki.sipfoundry.org/pages/viewpage.action?pageId=3768360#SettingupBINDwithlocationbasedviewsforsipX-ExampleNetworkScenario
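The site-to-view mapping requested above can be sketched as follows. This is an added example, not FreeIPA or bind-dyndb-ldap code; the site names, networks, zone name, and per-view zone file layout are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: site names and networks are illustrative
# assumptions, not values from the ticket.
SITES = {
    "brno": ["10.1.0.0/16", "192.168.10.0/24"],
    "boston": ["10.2.0.0/16"],
}


def check_overlaps(sites):
    """Reject a network claimed by two sites. Views are matched in order,
    so an overlap would silently send clients to whichever view is first."""
    seen = []
    for site, nets in sites.items():
        for text in nets:
            net = ipaddress.ip_network(text)  # ValueError on malformed CIDR
            for other_site, other in seen:
                if (other_site != site and net.version == other.version
                        and net.overlaps(other)):
                    raise ValueError(
                        f"{net} ({site}) overlaps {other} ({other_site})")
            seen.append((site, net))


def view_block(name, match, zone):
    """One view stanza; the zone file path is a hypothetical layout."""
    return (f'view "{name}" {{\n'
            f'    match-clients {{ {match}; }};\n'
            f'    zone "{zone}" {{ type master; '
            f'file "views/{name}/{zone}.db"; }};\n'
            f'}};')


def render_views(sites, zone="example.test"):
    """Return named.conf text: one acl and view per site, then the
    catch-all view from the description, which must come last."""
    check_overlaps(sites)
    out = []
    for site, nets in sorted(sites.items()):
        members = " ".join(f"{ipaddress.ip_network(n)};" for n in nets)
        out.append(f'acl "{site}-nets" {{ {members} }};')
    for site in sorted(sites):
        out.append(view_block(site, f'"{site}-nets"', zone))
    out.append(view_block("default", '"any"', zone))
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(render_views(SITES))
```

Each per-view zone file would carry the site-specific record ordering or SRV priorities; the generator only guarantees that every client network lands in exactly one view and that unmatched clients fall through to the default.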
Related bind-dyndb-ldap ticket is https://fedorahosted.org/bind-dyndb-ldap/ticket/69
Ticket #3725 was closed as a duplicate of this RFE. #3725 contains some thoughts from a real BIND user.
Hi, I figured I'd mention that I added a few (potentially useful?) comments in the duplicate: https://fedorahosted.org/freeipa/ticket/3725
I've also released a puppet-ipa module which hopefully shows why it's awkward to use the DNS exactly as it's set up at the moment. Code is: https://github.com/purpleidea/puppet-ipa
Cheers, James
We need to re-triage this as soon as possible.
pspacek's thread on DNS views in freeipa-users: http://www.redhat.com/archives/freeipa-users/2013-October/msg00005.html
We have reached an agreement on the basic design, details are still being discussed. But the ticket can be moved to the right bucket now.
Please see https://bugzilla.redhat.com/show_bug.cgi?id=815621#c23, this RFE will very likely not be implemented as is at all. FreeIPA would rather integrate with other DNS servers when such complex tasks are needed (#4424).
Metadata Update from @mkosek: - Issue assigned to someone - Issue set to the milestone: Tickets Deferred
Thank you for taking time to submit this request for FreeIPA. Unfortunately this bug was not given priority and the team lacks the capacity to work on it at this time.
Given that we are unable to fulfil this request I am closing the issue as wontfix. To request re-consideration of this decision please reopen this issue and provide additional technical details about its importance to you.
Metadata Update from @rcritten: - Issue close_status updated to: wontfix - Issue status updated to: Closed (was: Open)