On 1/18/20 7:12 PM, Christian Boltz wrote:
Am Freitag, 17. Januar 2020, 22:18:26 CET schrieb Lars Vogdt:
As I wrote: I installed bind because I know it and I see the pressure to have something up and running to become independent. But I
Ok, understood.
I have some preference for launch=ldap to have authc/authz integration to another LDAP server [1] and use native LDAP replication for HA. While I'm more a fan of KISS (means here: having a single, independent service which could run without any outside dependencies - so I would have the data in ldap, but use a local dump), this could of course also be done - and there are people like you, who have a way better knowledge than me on how to do this right. :-) The initial setup should definitively improve over time. And those who do decide.
... and this is why it's unlikely that we'll end up with text/plain zone files ;-) - while I'd prefer them (to keep things simple), I probably won't have time to work on the DNS setup.
Zone files look simple until you look at other requirements: HA: AXFR is not always super-reliable and needs increasing the serial number. The latter is more hard to do with zone files in an automated way (and is often forgotten during manual editing). => Native database replication works better. Scripting: E.g. for Let's Encrypt integration you might want to dynamically add and remove DNS RRs without mucking with DNS-Update (RFC 2136). Not to speak of authc/authz deficiencies... => native DB access is better Ciao, Michael. -- To unsubscribe, e-mail: heroes+unsubscribe@opensuse.org To contact the owner, e-mail: heroes+owner@opensuse.org