Report information
The Basics
Id:
35271
Status:
resolved
Worked:
10 minutes
Users:
RT_System: 10 minutes
Priority:
Medium/Medium
Queue:
bind9-public
People
BugTracker
Version Fixed:
9.11.0
Version Found:
(no value)
Versions Affected:
(no value)
Versions Planned:
9.11.0
Priority:
(no value)
Severity:
S1 High
CVSS Score:
(no value)
CVE ID:
(no value)
Component:
(no value)
Area:
feature
Attachments
bind98-dyndb.patch
Dates
Created:Thu, 30 Jan 2014 09:14:20 -0500
Updated:Fri, 07 Jul 2017 21:11:12 -0400
Closed:Tue, 29 Sep 2015 02:20:31 -0400

This bug tracker is no longer active.

Please go to our Gitlab to submit issues (both feature requests and bug reports) for active projects maintained by Internet Systems Consortium (ISC).

Due to security and confidentiality requirements, full access is limited to the primary maintainers.

History
  Thu, 02 Jun 2011 06:59:22 -0400 Adam Tkac <atkac@redhat.com> - Ticket #24733: - Ticket created
Subject: [PATCH] New dynamic_db database interface for BIND
Date: Thu, 02 Jun 2011 12:58:42 +0200
To: bind-suggest@isc.org
From: Adam Tkac <atkac@redhat.com>

Hello all, I would like to introduce new db interface for BIND - dynamic_db. This interface allows to write db modules for BIND9 and authoritative zones can be served via this module. Main difference from current interfaces (dlopen DLZ/DLZ/SDB) is that dynamic_db interface doesn't actually create new interface, it only allows to load module which implements full-featured dns/db.h interface. Advantage is that module which uses dynamic_db can implement same features as current rbtdb (for example dynamic_db module can serve DNSSEC-signed zones). If I understand DLZ/SDB interface cannot be used to serve DNSSEC-signed zones. Disadvantage is that dynamic_db module needs to be more sophisticated than DLZ/SDB module. dynamic_db module is configured in named.conf and it's configuration is pretty extensible, this is an example: dynamic-db "my_db_name" { library "ldap.so"; arg "uri ldap://ldap.example.com"; arg "base cn=dns, dc=example, dc=com"; arg "auth_method none"; arg "cache_ttl 300"; }; As you can see there is basically no limitation for arguments number and format. There is already one module which uses this interface, called bind-dyndb-ldap: https://fedorahosted.org/bind-dyndb-ldap http://git.fedorahosted.org/git/?p=bind-dyndb-ldap.git This module is currently used by FreeIPA project to store all zones in LDAP database. Would it be possible to merge the dynamic_db interface to upstream, please? Proposed patch is attached. Comments are welcomed. Regards, Adam
bind98-dyndb.patch

Message body is not shown because sender requested not to inline it.

  Thu, 02 Jun 2011 10:29:18 -0400 Evan Hunt <each@isc.org> - Ticket #24733: - Correspondence added
CC: undisclosed-recipients: ;
Subject: Re: [ISC-Bugs #24733] [PATCH] New dynamic_db database interface for BIND
Date: Thu, 2 Jun 2011 14:29:08 +0000
To: Adam Tkac via RT <bind-suggest@isc.org>
From: Evan Hunt <each@isc.org>

> I would like to introduce new db interface for BIND - dynamic_db. Thanks very much, Adam. I had no idea this work was being done. Can't make promises until we've had time to investigate it, but we'll definitely consider it. -- Evan Hunt -- each@isc.org Internet Systems Consortium, Inc.
Thu, 02 Jun 2011 10:29:18 -0400 The RT System itself - Ticket #24733: - Status changed from 'new' to 'open'
  Thu, 02 Jun 2011 22:36:40 -0400 Evan Hunt <Evan_Hunt@isc.org> - Ticket #24733: - Correspondence added

Hi Adam, At a cursory glance this looks like quite good code, and we might indeed be interested in accepting it into BIND 9, as it has at least one feature we had hoped to support eventually (external database with the ability to serve DNSSEC). We can't commit it in its current form for a few reasons: first, there are no tests or documentation; second, there is no sample driver we can provide as guidance to implementors. (The LDAP driver you pointed to is good, but it's GPL, which means ISC is forbidden by corporate charter from shipping it.) We can probably help with tests and doc, but a sample driver with a BSD- compatible license would be a huge help, even if it only served static zones (such as the one in bind9/bin/tests/system/dlzexternal/driver.c). Out of curiosity, why did you decide to add a new API and new 'dynamic-db' configuration syntax instead of extending or improving the existing DLZ API? Would a merged approach be workable? Minimizing the number of different ways to accomplish the same thing would be desirable, if feasible. I see a few trivial ISC code-style incompatibilities, but nothing to worry about on that account. I'm planning to commit your patch to a CVS branch for further work, and will review the code in more detail later.
  Fri, 10 Jun 2011 06:44:15 -0400 Adam Tkac <atkac@redhat.com> - Ticket #24733: - Correspondence added
Subject: Re: [ISC-Bugs #24733] [PATCH] New dynamic_db database interface for BIND
Date: Fri, 10 Jun 2011 12:43:47 +0200
To: bind-suggest@isc.org
From: Adam Tkac <atkac@redhat.com>

On 06/03/2011 04:36 AM, Evan Hunt via RT wrote: > Hi Adam, > > At a cursory glance this looks like quite good code, and we might indeed be > interested in accepting it into BIND 9, as it has at least one feature we had > hoped to support eventually (external database with the ability to serve > DNSSEC). > > We can't commit it in its current form for a few reasons: first, there are no > tests or documentation; second, there is no sample driver we can provide as > guidance to implementors. (The LDAP driver you pointed to is good, but it's > GPL, which means ISC is forbidden by corporate charter from shipping it.) > > We can probably help with tests and doc, but a sample driver with a BSD- > compatible license would be a huge help, even if it only served static zones > (such as the one in bind9/bin/tests/system/dlzexternal/driver.c). > > Out of curiosity, why did you decide to add a new API and new 'dynamic-db' > configuration syntax instead of extending or improving the existing DLZ API? > Would a merged approach be workable? Minimizing the number of different ways to > accomplish the same thing would be desirable, if feasible. > > I see a few trivial ISC code-style incompatibilities, but nothing to worry about > on that account. I'm planning to commit your patch to a CVS branch for further > work, and will review the code in more detail later. Hello Evan, thanks for good suggestions, I will check if it is possible to incorporate them into dyndb driver, stay tuned. Regards, Adam
Sun, 30 Oct 2011 16:00:45 -0400 Evan Hunt <Evan_Hunt@isc.org> - Ticket #24733: - Taken
  Mon, 26 Mar 2012 06:31:32 -0400 Petr Spacek <pspacek@redhat.com> - Ticket #24733: - Correspondence added
CC: atkac@redhat.com
Subject: Re: [ISC-Bugs #24733] [PATCH] New dynamic_db database interface for BIND
Date: Mon, 26 Mar 2012 11:31:16 +0200
To: bind-suggest@isc.org
From: Petr Spacek <pspacek@redhat.com>

Greetings, after a bit longer break we are back with proposed API. We are still interested in contributing dynamic database API upstream. Please, can you provide more detailed requirements for contributing code? I would like to get information about: - requirements to API tests - requirements to documentation: Is enough to comment code in the same way as BIND? If API will be acceptable for you, I can write some BSD-licensed sample driver in spirit of bind9/bin/tests/system/dlzexternal/driver.c. Code will be polished according to http://bind10.isc.org/wiki/BIND9CodingGuidelines, of course. Regards, -- Petr Spacek Software Engineer Red Hat Czech s.r.o. Email: pspacek@redhat.com Phone: +420 532 294 185 Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic IC: 27690016 On 06/03/2011 04:36 AM, Evan Hunt via RT wrote: > Hi Adam, > > At a cursory glance this looks like quite good code, and we might indeed be > interested in accepting it into BIND 9, as it has at least one feature we had > hoped to support eventually (external database with the ability to serve > DNSSEC). > > We can't commit it in its current form for a few reasons: first, there are no > tests or documentation; second, there is no sample driver we can provide as > guidance to implementors. (The LDAP driver you pointed to is good, but it's > GPL, which means ISC is forbidden by corporate charter from shipping it.) > > We can probably help with tests and doc, but a sample driver with a BSD- > compatible license would be a huge help, even if it only served static zones > (such as the one in bind9/bin/tests/system/dlzexternal/driver.c). > > Out of curiosity, why did you decide to add a new API and new 'dynamic-db' > configuration syntax instead of extending or improving the existing DLZ API? > Would a merged approach be workable? Minimizing the number of different ways to > accomplish the same thing would be desirable, if feasible. > > I see a few trivial ISC code-style incompatibilities, but nothing to worry about > on that account. I'm planning to commit your patch to a CVS branch for further > work, and will review the code in more detail later.
  Mon, 26 Mar 2012 12:42:38 -0400 Evan Hunt <each@isc.org> - Ticket #24733: - Correspondence added
CC: undisclosed-recipients: ;
Subject: Re: [ISC-Bugs #24733] [PATCH] New dynamic_db database interface for BIND
Date: Mon, 26 Mar 2012 16:42:36 +0000
To: Petr Spacek via RT <bind-suggest@isc.org>
From: Evan Hunt <each@isc.org>

> We are still interested in contributing dynamic database API upstream. Thank you. > Please, can you provide more detailed requirements for contributing code? > > I would like to get information about: > - requirements to API tests Minimally, we'd like a system-level test (such as the ones in bind9/bin/tests/system). Those tests generally run one or more named servers listening on different loopback alias addresses, and exercise features of them at runtime. There are "dlz" and "dlzexternal" tests you might have a look at to get an idea. In the past few years we've also started introducing unit tests written using the NetBSD "ATF" testing framework. Those appear in bind9/lib/isc/tests and bind9/lib/dns/tests. > - requirements to documentation: Is enough to comment code in the same > way as BIND? API comments with doxygen directives such as BIND uses would be helpful. I would also suggest a README file for implementors, to be included with the sample driver.
  Wed, 22 May 2013 09:52:05 -0400 Tomas Hozza <thozza@redhat.com> - Ticket #24733: - Correspondence added
CC: Petr Spacek <pspacek@redhat.com>
Subject: Re: [ISC-Bugs #24733] [PATCH] New dynamic_db database interface for BIND
Date: Wed, 22 May 2013 15:51:48 +0200
To: bind-suggest@isc.org
From: Tomas Hozza <thozza@redhat.com>

Hello. As a new maintainer of BIND at Red Hat I would like to ask you how things look with our "old" initiative to add a new dynamic_db database interface into BIND9. It has been a long time since we heard anything from ISC regarding this matter. I want to point out that we are still interested in contributing this dynamic database API upstream. Therefore I would like to ask you for some feedback what has to be done from our side to get our code into BIND. I'm including previous communication regarding this matter between ISC engineer Evan Hunt and previous Red Hat BIND maintainer Adam Tkac and also last email set by Red Hat engineer Petr Spacek. Unfortunately we didn't get any answer on it last time, but really hope we will get some this time. We would really like to finish our effort and finally get things done. Thank you in advance for your answer. Regards, Tomas Hozza > -------- Original Message -------- > Subject: Re: [ISC-Bugs #24733] [PATCH] New dynamic_db database interface > for BIND > Date: Mon, 26 Mar 2012 11:31:16 +0200 > From: Petr Spacek <pspacek@redhat.com> > To: bind-suggest@isc.org > CC: atkac@redhat.com > > Greetings, > > after a bit longer break we are back with proposed API. > > We are still interested in contributing dynamic database API upstream. > > Please, can you provide more detailed requirements for contributing code? > > I would like to get information about: > - requirements to API tests > - requirements to documentation: Is enough to comment code in the same > way as BIND? > > If API will be acceptable for you, I can write some BSD-licensed sample > driver in spirit of bind9/bin/tests/system/dlzexternal/driver.c. > > Code will be polished according to > http://bind10.isc.org/wiki/BIND9CodingGuidelines, of course. > > Regards, > > -- > Petr Spacek > Software Engineer > Red Hat Czech s.r.o. > > Email: pspacek@redhat.com > Phone: +420 532 294 185 > Web: www.cz.redhat.com > Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic > IC: 27690016 > > > On 06/03/2011 04:36 AM, Evan Hunt via RT wrote: >> Hi Adam, >> >> At a cursory glance this looks like quite good code, and we might >> indeed be >> interested in accepting it into BIND 9, as it has at least one feature >> we had >> hoped to support eventually (external database with the ability to serve >> DNSSEC). >> >> We can't commit it in its current form for a few reasons: first, >> there are no >> tests or documentation; second, there is no sample driver we can >> provide as >> guidance to implementors. (The LDAP driver you pointed to is good, >> but it's >> GPL, which means ISC is forbidden by corporate charter from shipping it.) >> >> We can probably help with tests and doc, but a sample driver with a BSD- >> compatible license would be a huge help, even if it only served static >> zones >> (such as the one in bind9/bin/tests/system/dlzexternal/driver.c). >> >> Out of curiosity, why did you decide to add a new API and new >> 'dynamic-db' >> configuration syntax instead of extending or improving the existing >> DLZ API? >> Would a merged approach be workable? Minimizing the number of >> different ways to >> accomplish the same thing would be desirable, if feasible. >> >> I see a few trivial ISC code-style incompatibilities, but nothing to >> worry about >> on that account. I'm planning to commit your patch to a CVS branch >> for further >> work, and will review the code in more detail later.
  Thu, 30 Jan 2014 09:14:20 -0500 Timo Aaltonen <tjaalton@ubuntu.com> - Ticket created
Subject: please add support for dynamic db's
Date: Thu, 30 Jan 2014 16:14:02 +0200
To: bind-suggest@isc.org
From: Timo Aaltonen <tjaalton@ubuntu.com>

Hi I'm packaging FreeIPA for Debian, but it depends on bind-dyndb-ldap package that in turn depends on dyndb support in bind9. Red Hat has shipped with a patch on their bind9 that adds support for it, and I've heard that it could be included upstream for 9.11. Here's a big +++ for that to happen, since it would also make the Debian bind maintainer happier. -- t
  Mon, 03 Feb 2014 16:04:34 -0500 Vicky Risk <vicky@isc.org> - Correspondence added

Hi Mr. Aaltonen,

Thank you for taking the time to log a suggestion for a BIND enhancement. We are discussing with the Fedora guys how we might possibly harmonize this feature with the Dynamically-Loadable Zones (DLZ) feature we already have.  They overlap, but are different.  We do already have an installed base using the DLZ feature so we have to consider that.  I gather you are trying to 'vote' in favor of dynamic db.  If you would like to correspond with me further on this, I would welcome emails at vicky@isc.org.  I am the Product Manager for BIND.

We had an initial meeting at Fosdem, and are looking for a summary of what features dynamic-db will provide, including a diagram or diagrams, some comparison with our existing DLZ feature and ideas for how we could either extend DLZ or harmonize the two.

Regards

Vicky Risk
vicky@isc.org
(650) 423-1457 (california)
Mon, 03 Feb 2014 16:04:35 -0500 The RT System itself - Status changed from 'new' to 'open'
Mon, 03 Feb 2014 16:16:59 -0500 The RT System itself - Worked 10 minutes 10 minutes
Mon, 03 Feb 2014 16:16:59 -0500 Vicky Risk <vicky@isc.org> - Ticket #24733: - Merged into #35271: [Patch] please add support for dynamic db's
Mon, 03 Feb 2014 16:16:59 -0500 Vicky Risk <vicky@isc.org> - Merged into #35271: [Patch] please add support for dynamic db's
Thu, 27 Feb 2014 11:49:21 -0500 Brian Conry <bconry@isc.org> - Severity S1 High added
Thu, 19 Mar 2015 12:38:15 -0400 Evan Hunt <Evan_Hunt@isc.org> - Queue changed from #3 to #7
Mon, 30 Mar 2015 02:01:27 -0400 Mukund Sivaraman <muks@isc.org> - Taken
Wed, 13 May 2015 13:31:02 -0400 Vicky Risk <vicky@isc.org> - Versions Planned 9.11.0 added
Mon, 29 Jun 2015 00:59:54 -0400 Mukund Sivaraman <muks@isc.org> - Given to Evan Hunt <Evan_Hunt@isc.org>
Tue, 15 Sep 2015 22:36:52 -0400 Evan Hunt <Evan_Hunt@isc.org> - Given to Mukund Sivaraman <muks@isc.org>
Mon, 28 Sep 2015 00:43:23 -0400 Mukund Sivaraman <muks@isc.org> - Given to Evan Hunt <Evan_Hunt@isc.org>
Tue, 29 Sep 2015 02:20:32 -0400 Evan Hunt <Evan_Hunt@isc.org> - Status changed from 'open' to 'resolved'
Wed, 03 Aug 2016 12:41:01 -0400 Vicky Risk <vicky@isc.org> - Area feature added
Wed, 03 Aug 2016 12:41:01 -0400 Vicky Risk <vicky@isc.org> - Version Fixed 9.11.0 added
Wed, 03 Aug 2016 15:49:59 -0400 Vicky Risk <vicky@isc.org> - Subject changed from 'please add support for dynamic db's' to '[Patch] please add support for dynamic db's'
Fri, 07 Jul 2017 21:11:12 -0400 Vicky Risk <vicky@isc.org> - Queue changed from #7 to bind9-public