authorMartin Kosek <mkosek@redhat.com>2012-06-28 16:46:48 +0200
committerMartin Kosek <mkosek@redhat.com>2012-07-13 16:03:58 +0200
commit9d69db80a3d1fc46236a4546988176cdd7939b82 (patch)
tree345e5ba63fe447b151377df1bda42475e3cb8160 /ipalib/plugins/dns.py
parent4879c68d68634715b9d08a08a4c7be882634409f (diff)
Enable SOA serial autoincrement
SOA serial autoincrement is a requirement for major DNS features, e.g. zone transfers or DNSSEC. Enable it by default in named.conf both for new and upgraded installations. Name of the bind-dyndb-ldap option is "serial_autoincrement". From now on, idnsSOAserial attribute also has to be put to replication agreement exclude list as serial will be incremented on each DNS server separately and won't be shared. Exclude list has to be updated both for new replication agreements and the current ones. Minimum number of connections for bind-dyndb-ldap has been raised to 4 connections, the setting will be updated during package upgrade. https://fedorahosted.org/freeipa/ticket/2554
Diffstat (limited to 'ipalib/plugins/dns.py')
-rw-r--r--ipalib/plugins/dns.py11
1 files changed, 9 insertions, 2 deletions
diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
index c2bf13a2f..857814917 100644
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@@ -244,8 +244,15 @@ def _rname_validator(ugettext, zonemgr):
return None
def _create_zone_serial():
- """ Generate serial number for zones. The format follows RFC 1912 """
- return int('%s01' % time.strftime('%Y%m%d'))
+ """
+ Generate serial number for zones. bind-dyndb-ldap expects unix time in
+ to be used for SOA serial.
+
+ SOA serial in a date format would also work, but it may be set to far
+ future when many DNS updates are done per day (more than 100). Unix
+ timestamp is more resilient to this issue.
+ """
+ return int(time.time())
def _reverse_zone_name(netstr):
net = netaddr.IPNetwork(netstr)
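Review bot: The new return value of `_create_zone_serial` is numerically lower than the date-format serials it replaces: a 2012 date serial is about 2.0e9, while the Unix time at this commit is about 1.3e9. The callers are outside the hunk, so this is a hedge, but if the helper ever resets the serial of a zone that secondaries already hold, the serial moves backwards under RFC 1982 comparison. Secondaries would then skip the transfer and keep serving stale records. I would state in the docstring that the value is only meant as the initial serial of a newly created zone and must not overwrite an existing `idnsSOAserial`. The docstring's first sentence also has a stray "in" and could read `Generate serial number for zones. bind-dyndb-ldap expects unix time to be used for SOA serial.`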