Bug 667729 - Allow specifying query and transfer policy settings for a zone
Summary: Allow specifying query and transfer policy settings for a zone
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: bind-dyndb-ldap
Version: 6.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
Assignee: Adam Tkac
QA Contact: Chandrasekar Kannan
Depends On: 733371
Blocks: 667704 701677
Reported: 2011-01-06 16:03 UTC by Adam Tkac
Modified: 2015-01-04 23:45 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 701677 (view as bug list)
Last Closed: 2011-12-06 17:57:03 UTC
Target Upstream Version:


System | ID | Priority | Status | Summary | Last Updated
Red Hat Bugzilla | 733371 | None | CLOSED | DNS zones are not loaded when idnsAllowQuery/idnsAllowTransfer is filled | 2019-09-11 14:23:08 UTC
Red Hat Product Errata | RHBA-2011:1715 | normal | SHIPPED_LIVE | bind-dyndb-ldap bug fix update | 2011-12-06 01:02:17 UTC

Internal Links: 733371

Description Adam Tkac 2011-01-06 16:03:17 UTC
Description of problem:
Currently we don't provide any way to specify a query or transfer ACL. For now, we should at least allow query by default. We might later add a new idns attribute that would be used to specify the policy.

Version-Release number of selected component (if applicable):

How reproducible:
Actual results:
no way to set zone's ACL

Comment 5 Jenny Severance 2011-04-06 18:21:09 UTC
Adam: Can you please add steps to reproduce this issue?  Thanks!

Comment 6 Ondrej Vasik 2011-04-06 18:40:47 UTC
It is more of an enhancement than an issue - see the README file - http://git.fedorahosted.org/git/?p=bind-dyndb-ldap.git;a=blobdiff;f=README;h=6848afcd7368a008e18c7521e20722f6541fe901;hp=4e5e9a47790d170e8109afaf3b2cad026a1e4a81;hb=9ead145742b386ed595e1a37446f7367cc1e4522;hpb=c38022a703b205656fd4c4d0ac6cc6ceb389cea7 ... the idnsAllowQuery and idnsAllowTransfer zone (idnsZone) attributes should be allowed after the update.

Comment 14 Adam Tkac 2011-05-03 14:32:32 UTC
Although the fix in bind-dyndb-ldap is complete and works fine, the LDAP schema shipped in freeipa needs to be fixed as well. After that, QE can verify that the freeipa suite is able to set query/transfer ACLs for a DNS zone. Opened bug #701677; this feature will be reverified in 6.2.

Comment 17 Martin Kosek 2011-08-26 07:36:21 UTC
This does not work for FreeIPA as we discussed with Adam earlier. I created a BZ ticket to improve our tracking of the bug:


Comment 18 Michael Gregg 2011-11-08 18:54:50 UTC
Marking as verified for now.

Note that a complete fix depends on bug #733371 and bug #701677

Verified against:

Comment 19 errata-xmlrpc 2011-12-06 17:57:03 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

