#2802 [RFE] add support for BIND views
Closed: wontfix 5 years ago Opened 11 years ago by mkosek.

https://bugzilla.redhat.com/show_bug.cgi?id=815621 (Red Hat Enterprise Linux 7)

Description of problem:

IPA/IdM has no awareness of network topology and no mechanism for preferring
local servers over ones that may be across a slow WAN segment.

BIND views are a way to accomplish this.

Ideally the IPA / IdM administrator would be able to group together networks
[x.x.x.x/xx] in a way that designates a site, and IPA will help clients prefer
servers inside the site.

Sites could be implemented as a list of networks tied to a site name.  Support
for networks that aren't part of IPA DNS is required.

Server preference would be accomplished by IPA automatically maintaining BIND
VIEWS for each site so that depending on what site the client is querying from,
BIND orders the DNS query results such that local addresses are first.

A view like:
match-clients {"any"; }; // all other hosts

would match clients that aren't in any defined site.

Since this feature depends on an interaction between the IPA configuration and
BIND, it would be unavailable to people using external DNS.

A good example of using BIND VIEWS clauses is provided here:
http://wiki.sipfoundry.org/pages/viewpage.action?pageId=3768360#SettingupBINDwithlocationbasedviewsforsipX-ExampleNetworkScenario
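
An added illustration of the site-to-view mapping proposed above; it is not FreeIPA or BIND code, and the site names, networks, zone name and zone file names are constructed. It rejects overlapping site networks, because BIND places a client in the first view whose match-clients matches, and it emits the catch-all view last.

```python
import ipaddress

# Constructed sample data: site names and networks are hypothetical.
SITES = {
    "brno": ["10.1.0.0/16", "192.0.2.0/25"],
    "boston": ["10.2.0.0/16"],
}

def parse_sites(sites):
    """Parse CIDR strings and reject networks that overlap across sites."""
    parsed = {name: [ipaddress.ip_network(n) for n in nets]
              for name, nets in sites.items()}
    seen = []
    for name, nets in parsed.items():
        for net in nets:
            for other_name, other in seen:
                if (other_name != name and net.version == other.version
                        and net.overlaps(other)):
                    raise ValueError(f"{net} ({name}) overlaps {other} ({other_name})")
            seen.append((name, net))
    return parsed

def view_for(client, parsed):
    """Return the view a client lands in (first match wins, as in BIND)."""
    addr = ipaddress.ip_address(client)
    for name, nets in parsed.items():
        if any(addr.version == n.version and addr in n for n in nets):
            return name
    return "default"  # the catch-all view for clients outside every site

def render_views(parsed, zone="example.test"):
    """Render one view per site plus a catch-all view, which must come last."""
    out = []
    for name, nets in parsed.items():
        acl = " ".join(f"{n};" for n in nets)
        out.append(f'view "{name}" {{\n'
                   f'    match-clients {{ {acl} }};\n'
                   f'    zone "{zone}" {{ type master; file "{zone}.{name}.db"; }};\n'
                   f'}};')
    out.append(f'view "default" {{\n'
               f'    match-clients {{ any; }};  // all other hosts\n'
               f'    zone "{zone}" {{ type master; file "{zone}.default.db"; }};\n'
               f'}};')
    return "\n".join(out)

if __name__ == "__main__":
    print(render_views(parse_sites(SITES)))
```

Each per-view zone file (hypothetical names here) would carry the records for that site's clients; once any view is defined, BIND requires every zone to live inside a view.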

Ticket #3725 was closed as a duplicate of this RFE. #3725 contains some thoughts from a real BIND user.

Hi, I figured I'd mention that I added a few (potentially useful?) comments in the duplicate: https://fedorahosted.org/freeipa/ticket/3725

I've also released a puppet-ipa module which hopefully shows why it's awkward to use the DNS exactly as it's set up at the moment. Code is: https://github.com/purpleidea/puppet-ipa

Cheers,
James

We need to re-triage this as soon as possible.

We have reached an agreement on the basic design; details are still being discussed. But the ticket can be moved to the right bucket now.

Please see https://bugzilla.redhat.com/show_bug.cgi?id=815621#c23, this RFE will very likely not be implemented as is at all. FreeIPA would rather integrate with other DNS server when such complex tasks are needed (#4424).

Metadata Update from @mkosek:
- Issue assigned to someone
- Issue set to the milestone: Tickets Deferred

7 years ago

Thank you for taking time to submit this request for FreeIPA. Unfortunately this bug was not given priority and the team lacks the capacity to work on it at this time.

Given that we are unable to fulfil this request I am closing the issue as wontfix. To request re-consideration of this decision please reopen this issue and provide additional technical details about its importance to you.

Metadata Update from @rcritten:
- Issue close_status updated to: wontfix
- Issue status updated to: Closed (was: Open)

5 years ago
