Hello,
This is more of a bind-dyndb-ldap question, but documentation pointed me here when asking questions. I'm using the RHEL7.6 supplied version of Bind and bind-dyndb-ldap. Versions are:
bind-dyndb-ldap-11.1-4.el7 bind-9.9.4-72.el7
I'm also using an up-stream version of OpenLDAP (2.4.44). I'm having trouble with the idnsAllowTransfer attribute. Specifically, a zone will not default to the global "allow-transfer" option. Explicitly setting idnsAllowTransfer attribute in the the zone fixes the problem, but the documentation for idnsAllowTransfer states:
"If not set then zone inherits global allow-transfer from named.conf."
Not specifying idnsAllowQuery properly defaults to the global allow-query list in named.conf. Not sure if its a bug, or just out-of-date documentation. A point in the right direction would be appreciated.
Cheers, Bryan
On Mon, Dec 17, 2018 at 12:06:29PM -0600, Bryan Mesich via FreeIPA-users wrote:
Hello,
This is more of a bind-dyndb-ldap question, but documentation pointed me here when asking questions. I'm using the RHEL7.6 supplied version of Bind and bind-dyndb-ldap. Versions are:
bind-dyndb-ldap-11.1-4.el7 bind-9.9.4-72.el7
I'm also using an up-stream version of OpenLDAP (2.4.44). I'm having trouble with the idnsAllowTransfer attribute. Specifically, a zone will not default to the global "allow-transfer" option. Explicitly setting idnsAllowTransfer attribute in the the zone fixes the problem, but the documentation for idnsAllowTransfer states:
"If not set then zone inherits global allow-transfer from named.conf."
Not specifying idnsAllowQuery properly defaults to the global allow-query list in named.conf. Not sure if its a bug, or just out-of-date documentation. A point in the right direction would be appreciated.
I was incorrect in indicating idnsAllowQuery was properly defaulting to the global option. It is operating the same as dnsAllowTransfer. It would appear that global options are not defaulted to when missing from a zone. Is this expected behavior?
Cheers, Bryan
-- Bryan Mesich Sr. System Administrator DIGI-KEY ELECTRONICS 701 Brooks Ave. South Thief River Falls, MN 56701 USA _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
freeipa-users@lists.fedorahosted.org
-
Bryan Mesich