Bug 143440 – RFE: more granularity for dynamic DNS updates

Bug 143440 - RFE: more granularity for dynamic DNS updates

Summary:	RFE: more granularity for dynamic DNS updates

Status:	CLOSED NOTABUG

Aliases:	None

Product:	Fedora
Classification:	Fedora
Component:	selinux-policy-targeted (Show other bugs)
Sub Component:
Version:	3
Hardware:	All Linux

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Daniel Walsh
QA Contact:
Docs Contact:

URL:
Whiteboard:
Keywords:	FutureFeature

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2004-12-20 16:22 EST by Gene Czarcinski
Modified:	2007-11-30 17:10 EST (History)
CC List:	0 users

See Also:
Fixed In Version:
Doc Type:	Enhancement
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2004-12-20 16:54:54 EST
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Gene Czarcinski 2004-12-20 16:22:15 EST

Description of problem:

I have named (bind) and dhcpd configured to perform dynamic dns updates.

With selinux in enforcing mode, I need to enable named for writing
master zones.  Now to support dynamic dns updating from dhcpd, named
creates and updates "___.jnl" files for each zone being handled but
does not modify the actual files which define the base zone
information.  To have this work with selinx, I need to set the
named_write_master_zones boolean which (if I understand correctly)
enables it to modify any of the zone files whereas I only want it to
create and update the .jnl files.

This level of granularity should be supported.

I have made this an RFE although I could also consider it a bug.

Comment 1 Gene Czarcinski 2004-12-20 16:22:57 EST

also see https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=141800

Comment 2 Jason Vas Dias 2004-12-20 16:47:18 EST

 Actually, the .jnl files are just a place to store incoming DDNS 
 updates, which are then "flushed" periodically or by the "rndc flush"
 command : ie. the updates are merged with the existing zone file 
 contents and the zone file is replaced with the updated zone .

 So I can't see any point to enabling .jnl file write without also
 enabling zone file write: doing so would make all updates impermanen   t
 with the same lifetime as the current named instance.  
 
 If these 'impermanent updates' are what you want, the same result 
 could be achieved by making the original zone files read-only.

Comment 3 Gene Czarcinski 2004-12-20 16:54:54 EST

Thanks for the information.  I was not aware that the updates were
merged into the regular zone files.

With this understanding, I am closing the report.

Comment 4 Jason Vas Dias 2004-12-20 17:31:41 EST

 Actually, the above is not quite the full story. 
 See: 
  file:///usr/share/doc/bind-9.2.4/arm/Bv9ARM.ch04.html#dynamic_update
  file:///usr/share/doc/bind-9.3.0/arm/Bv9ARM.ch03.html#AEN347

 In BIND-9.2.4, the .jnl updates are merged with the master zone 
 only on name server shutdown / startup.
 
 In BIND-9.3.0, there is now the 'rndc freeze' command, which merges
 in the updates and disables DDNS for a zone, and the 'rndc unfreeze'
 command, which re-enables DDNS for a zone.

Note You need to log in before you can comment on or make changes to this bug.