Comment 11 for bug 1904559

Michael Johnson (johnsom) wrote :

I agree with j-harbott on this.

Decoupling the forward zone management from the PTR record management in neutron creates a security concern and doesn't really fit the purpose of this integration.

I think if we want to pursue this, it would require a significant change to the neutron integration (beyond the proposed patch) to address the security ramifications.

Essentially, we would need to change the model where reverse zones are owned by the service account to a model where the reverse zones could be owned by the project creating the port. Thus, the user creating the port would require permission to update the reverse zone, at which point you will simply be automating the PTR record create call on behalf of the user creating the port.

Wouldn't it be easier to just make a call to designate to create the record rather than setting the name and domain on the port?