7.13. bind-dyndb-ldap

Updated bind-dyndb-ldap packages that fix multiple bugs and add various enhancements are now available for Red Hat Enterprise Linux 6.
The dynamic LDAP back end is a plug-in for BIND that provides back-end capabilities to LDAP databases. It features support for dynamic updates and internal caching that help to reduce the load on LDAP servers.

Note

The bind-dyndb-ldap package has been upgraded to upstream version 2.3, which provides a number of bug fixes and enhancements over the previous version, in particular many persistent search improvements. Refer to /usr/share/doc/bind-dyndb-ldap/NEWS for a detailed list of the changes. (BZ#827414)

Bug Fixes

BZ#767496
When persistent search was in use, the plug-in sometimes terminated unexpectedly due to an assertion failure when the "rndc reload" command was issued and the LDAP server was not reachable. With this update, the code has been improved so that connection failures and reconnects are now handled more robustly. As a result, the plug-in no longer crashes in the scenario described.
BZ#829388
Previously, some relative domain names were not expanded correctly to FQDNs. Consequently, zone transfers sometimes contained relative domain names although they should contain only FQDNs (for example, they contained a "name." record instead of "name.example.com."). The plug-in has been patched, and as a result, zone transfers now contain the correct domain names.
BZ#840381
Due to a bug in bind-dyndb-ldap, the named process sometimes terminated unexpectedly when a connection to LDAP timed out. Consequently, when a connection to LDAP timed out (or failed), the named process was sometimes aborted and DNS service was unavailable. The plug-in has been fixed, and as a result, it now gracefully handles situations in which a connection to LDAP fails.
BZ#856269
Due to a race condition, the plug-in sometimes caused the named process to terminate unexpectedly when it received a request to reload. Consequently, the DNS service was sometimes unavailable. A patch has been applied and as a result, the race condition during reload no longer occurs.
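A post-upgrade check for the symptom described in BZ#829388, as an added example that is not part of the packages or of the original advisory: it scans dig-style zone transfer text and reports any record whose owner name is not at or below the zone origin, which is how an unexpanded relative name such as "name." shows up. The sample transfer, the zone example.com. and the function names are constructed for illustration.

```python
# Constructed sample: dig-style AXFR answer for example.com. with one owner
# name that was not expanded ("host2." instead of "host2.example.com.").
SAMPLE_AXFR = """\
; constructed sample, not captured from a real server
example.com.        86400 IN SOA ns1.example.com. admin.example.com. 2013010101 3600 900 1209600 3600
example.com.        86400 IN NS  ns1.example.com.
ns1.example.com.    86400 IN A   192.0.2.1
host1.example.com.  86400 IN A   192.0.2.10
host2.              86400 IN A   192.0.2.11
www.example.com.    86400 IN CNAME host1.example.com.
example.com.        86400 IN SOA ns1.example.com. admin.example.com. 2013010101 3600 900 1209600 3600
"""

def labels(name):
    """Split an absolute DNS name into lower-cased labels (root -> [])."""
    return [l for l in name.lower().rstrip(".").split(".") if l]

def in_zone(owner, origin):
    """True if owner equals origin or is a subdomain of it, compared label by label."""
    o, z = labels(owner), labels(origin)
    return len(o) >= len(z) and o[len(o) - len(z):] == z

def out_of_zone_owners(axfr_text, origin):
    """Return (line_no, owner, rrtype) for records whose owner is outside origin."""
    findings = []
    for n, line in enumerate(axfr_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # skip blank lines and comments
        fields = line.split()
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue  # not an "owner ttl IN type rdata" record line
        owner, rrtype = fields[0], fields[3].upper()
        # Only owner names are checked: rdata targets (NS, CNAME, MX) may
        # legitimately point outside the zone.
        if not owner.endswith(".") or not in_zone(owner, origin):
            findings.append((n, owner, rrtype))
    return findings

if __name__ == "__main__":
    for n, owner, rrtype in out_of_zone_owners(SAMPLE_AXFR, "example.com."):
        print(f"line {n}: {rrtype} owner {owner!r} is outside example.com.")
```

The comparison is done on labels rather than on string suffixes, so an owner such as "notexample.com." is not mistaken for a name inside example.com.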

Enhancements

BZ#733711
LDAP in Red Hat Enterprise Linux 6.4 includes support for persistent search for both zones and their resource records. Persistent search allows the bind-dyndb-ldap plug-in to be immediately informed about all changes in an LDAP database. It also decreases network bandwidth usage required by repeated polling.
BZ#829340
Previously, it was only possible to configure IPv4 forwarders in LDAP. With this update, a patch has been added to the plug-in, and as a result, the plug-in is now able to parse and use IPv6 forwarders. BIND9 syntax for "forwarders" is required.
BZ#829385
Previously, it was impossible to share one LDAP database between multiple master servers; only one master server could be used. A new bind-dyndb-ldap option, "fake_mname", has been added. This option overrides the master server name in the SOA record, so that multiple servers can act as master server for one LDAP database.
BZ#840383
When multiple named processes shared one LDAP database and dynamically updated DNS records (via DDNS), they did not update the SOA serial numbers so it was impossible to serve such zones on secondary servers correctly (that is to say, they were not updated on slave servers). With this update, the plug-in can now update SOA serial numbers automatically, if configured to do so. Refer to the new "serial_autoincrement" option in the /usr/share/doc/bind-dyndb-ldap/README file for more details.
BZ#869323
This update provides support for the per-zone disabling of forwarding. Some setups require the disabling of forwarding per-zone. For example, company servers are configured as authoritative for a non-public zone and have global forwarding turned on. When the non-public zone contains delegation for a non-public subdomain, the zone must have forwarding explicitly disabled; otherwise, the glue records will not be returned. As a result, a server can now return delegation glue records for private zones when global forwarding is turned on. Refer to /usr/share/doc/bind-dyndb-ldap/README for detailed information.

Users of bind-dyndb-ldap are advised to upgrade to these updated packages, which fix these bugs and add these enhancements.

Updated bind-dyndb-ldap packages that fix one bug are now available for Red Hat Enterprise Linux 6.
The dynamic LDAP back-end is a plug-in for BIND that provides back-end capabilities to LDAP databases. It features support for dynamic updates and internal caching that helps to reduce the load on LDAP servers.

Bug Fix

BZ#928429
The bind-dyndb-ldap plug-in processed settings too early, which led to the daemon terminating unexpectedly with a segmentation fault during startup or reload. The bind-dyndb-ldap plug-in has been fixed to process its options later, and therefore no longer crashes during startup or reload.

Users of bind-dyndb-ldap are advised to upgrade to these updated packages, which fix this bug.