diff options
author | Martin Kosek <mkosek@redhat.com> | 2012-10-29 09:15:08 +0100 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2012-11-09 15:37:23 +0100 |
commit | 610594156eafee2d0ced3a4d0484e4436b6f973d (patch) | |
tree | bb9c641bc524cc3ddb345773543a7d40d656da1c /ipalib | |
parent | 215fcdfd5e9e0cd26cf5d60254343e11c9148a1c (diff) | |
download | freeipa-610594156eafee2d0ced3a4d0484e4436b6f973d.tar.gz freeipa-610594156eafee2d0ced3a4d0484e4436b6f973d.tar.xz freeipa-610594156eafee2d0ced3a4d0484e4436b6f973d.zip |
Disable global forwarding per-zone
bind-dyndb-ldap allows disabling global forwarder per-zone. This may
be useful in a scenario when we do not want requests to delegated
sub-zones (like sub.example.com. in zone example.com.) to be routed
through global forwarder.
Few lines to help added to explain the feature to users too.
https://fedorahosted.org/freeipa/ticket/3209
Diffstat (limited to 'ipalib')
-rw-r--r-- | ipalib/plugins/dns.py | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py index e7ac58d23..17a794b53 100644 --- a/ipalib/plugins/dns.py +++ b/ipalib/plugins/dns.py @@ -184,6 +184,16 @@ EXAMPLES: Show records for resource www in zone example.com ipa dnsrecord-show example.com www + Delegate zone sub.example to another nameserver: + ipa dnsrecord-add example.com ns.sub --a-rec=10.0.100.5 + ipa dnsrecord-add example.com sub --ns-rec=ns.sub.example.com. + + If global forwarder is configured, all requests to sub.example.com will be + routed through the global forwarder. To change the behavior for example.com + zone only and forward the request directly to ns.sub.example.com., global + forwarding may be disabled per-zone: + ipa dnszone-mod example.com --forward-policy=none + Forward all requests for the zone external.com to another nameserver using a "first" policy (it will send the queries to the selected forwarder and if not answered it will use global resolvers): @@ -1691,7 +1701,10 @@ class dnszone(LDAPObject): StrEnum('idnsforwardpolicy?', cli_name='forward_policy', label=_('Forward policy'), - values=(u'only', u'first',), + doc=_('Per-zone conditional forwarding policy. Set to "none" to ' + 'disable forwarding to global forwarder for this zone. In ' + 'that case, conditional zone forwarders are disregarded.'), + values=(u'only', u'first', u'none'), ), Bool('idnsallowsyncptr?', cli_name='allow_sync_ptr', @@ -2923,7 +2936,9 @@ class dnsconfig(LDAPObject): StrEnum('idnsforwardpolicy?', cli_name='forward_policy', label=_('Forward policy'), - values=(u'only', u'first',), + doc=_('Global forwarding policy. Set to "none" to disable ' + 'any configured global forwarders.'), + values=(u'only', u'first', u'none'), ), Bool('idnsallowsyncptr?', cli_name='allow_sync_ptr', |