<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<br>
<br>
<div class="moz-cite-prefix">On 08/20/2015 02:35 PM, David
Dejaeghere wrote:<br>
</div>
<blockquote
cite="mid:CAO9DwO-eCkpyS-0xMHNo+owWBJ5c2ufdCQyKP1eWGjiDyi8fww@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>
<div>
<div>
<div>
<div>Aha,<br>
<br>
</div>
Correct. But I never set this. This option seems to be
set by default.<br>
</div>
I verified this issue on multiple installs. It seems they
all have this option set by default?<br>
<br>
</div>
Can I safely change named.conf without fearing my
modifications will be lost on an update?<br>
<br>
</div>
Kind Regards,<br>
<br>
</div>
David<br>
</div>
</blockquote>
(Adding freeipa-users back)<br>
<br>
I checked the code, it is the default.<br>
<br>
You can change named.conf, upgrade will not replace it.<br>
<br>
Martin<br>
<blockquote
cite="mid:CAO9DwO-eCkpyS-0xMHNo+owWBJ5c2ufdCQyKP1eWGjiDyi8fww@mail.gmail.com"
type="cite">
<div class="gmail_extra"><br>
<div class="gmail_quote">2015-08-20 14:32 GMT+02:00 Martin Basti
<span dir="ltr"><<a moz-do-not-send="true"
href="mailto:mbasti@redhat.com" target="_blank">mbasti@redhat.com</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div>
<div class="h5"> <br>
<div>On 08/20/2015 02:22 PM, Martin Basti wrote:<br>
</div>
<blockquote type="cite"> <br>
<br>
<div>On 08/20/2015 01:48 PM, David Dejaeghere wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>
<div>
<div>
<div>
<div>Hi,<br>
<br>
</div>
I noticed that changing the
authoritative nameserver in FreeIPA
reflects correctly to its directory data
but bind will not resolve the soa record
with the updated mname details.<br>
<br>
</div>
For example I add a zone <a
moz-do-not-send="true"
href="http://test.be" target="_blank">test.be</a>
and change the mname record.<br>
<br>
[root@ns02 ~]# ipa dnszone-add<br>
Zone name: <a moz-do-not-send="true"
href="http://test.be" target="_blank">test.be</a><br>
Zone name: <a moz-do-not-send="true"
href="http://test.be" target="_blank">test.be</a>.<br>
Active zone: TRUE<br>
<b> Authoritative nameserver: <a
moz-do-not-send="true"
href="http://ns02.tokiogroup.be"
target="_blank">ns02.tokiogroup.be</a>.</b><br>
Administrator e-mail address: hostmaster<br>
SOA serial: 1440070999<br>
SOA refresh: 3600<br>
SOA retry: 900<br>
SOA expire: 1209600<br>
SOA minimum: 3600<br>
BIND update policy: grant <a
moz-do-not-send="true"
href="http://TOKIOGROUP.BE"
target="_blank">TOKIOGROUP.BE</a>
krb5-self * A; grant <a
moz-do-not-send="true"
href="http://TOKIOGROUP.BE"
target="_blank">TOKIOGROUP.BE</a>
krb5-self * AAAA; grant <a
moz-do-not-send="true"
href="http://TOKIOGROUP.BE"
target="_blank">TOKIOGROUP.BE</a>
krb5-self *<br>
SSHFP;<br>
Dynamic update: FALSE<br>
Allow query: any;<br>
Allow transfer: none;<br>
[root@ns02 ~]# ipa dnszone-mod
--nameserver<br>
anaconda-ks.cfg .bash_logout
.bashrc .ipa/ .ssh/<br>
.bash_history .bash_profile
.cshrc .pki/ .tcshrc<br>
<br>
<br>
[root@ns02 ~]# ipa dnszone-mod
--name-server<b> <a
moz-do-not-send="true"
href="http://ns7.tokiogroup.be"
target="_blank">ns7.tokiogroup.be</a></b>.<br>
Zone name: <a moz-do-not-send="true"
href="http://test.be" target="_blank">test.be</a><br>
ipa: WARNING: Semantic of setting
Authoritative nameserver was changed. It
is used only for setting the SOA MNAME
attribute.<br>
NS record(s) can be edited in zone apex -
'@'.<br>
Zone name: <a moz-do-not-send="true"
href="http://test.be" target="_blank">test.be</a>.<br>
Active zone: TRUE<br>
<b>Authoritative nameserver: <a
moz-do-not-send="true"
href="http://ns7.tokiogroup.be"
target="_blank">ns7.tokiogroup.be</a>.</b><br>
Administrator e-mail address: hostmaster<br>
SOA serial: 1440071001<br>
SOA refresh: 3600<br>
SOA retry: 900<br>
SOA expire: 1209600<br>
SOA minimum: 3600<br>
Allow query: any;<br>
Allow transfer: none;<br>
<br>
<br>
[root@ns02 ~]# nslookup<br>
> set q=SOA<br>
> <a moz-do-not-send="true"
href="http://test.be" target="_blank">test.be</a><br>
Server: 127.0.0.1<br>
Address: 127.0.0.1#53<br>
<br>
<a moz-do-not-send="true"
href="http://test.be" target="_blank">test.be</a><br>
<b> origin = <a
moz-do-not-send="true"
href="http://ns02.tokiogroup.be"
target="_blank">ns02.tokiogroup.be</a></b><br>
mail addr = <a
moz-do-not-send="true"
href="http://hostmaster.test.be"
target="_blank">hostmaster.test.be</a><br>
serial = 1440071001<br>
refresh = 3600<br>
retry = 900<br>
expire = 1209600<br>
minimum = 3600<br>
<br>
</div>
As you can see the SOA record still shows
the original default value.<br>
<br>
</div>
Kind Regards,<br>
<br>
</div>
David Dejaeghere<br>
</div>
<br>
<br>
</blockquote>
<br>
Thank you for this bug report.<br>
I opened bind-dyndb-ldap ticket <a
moz-do-not-send="true"
href="https://fedorahosted.org/bind-dyndb-ldap/ticket/159"
target="_blank">https://fedorahosted.org/bind-dyndb-ldap/ticket/159</a><br>
<br>
Martin<br>
<br>
<br>
</blockquote>
</div>
</div>
I may have found why you have this issue,<br>
<br>
do you have fake_mname configured in the bind_dyndb_ldap
section of named.conf?<br>
If yes, then remove this option to use the SOA MNAME from LDAP.<span
class="HOEnZb"><font color="#888888"><br>
<br>
Martin<br>
</font></span></div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
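<p>To make the cause Martin points at concrete, the following added example (not code from FreeIPA or bind-dyndb-ldap) parses the dynamic-db block of a named.conf, reports whether the fake_mname argument is present, shows which MNAME BIND will serve when it is, and writes the corrected block with the argument removed. The sample config, its host and base names, and the use of idnsSOAmName as the LDAP attribute holding the zone's MNAME are my assumptions, not taken from the thread.</p>

```python
"""Added example, not FreeIPA/bind-dyndb-ldap code: does named.conf override
the SOA MNAME FreeIPA stores in LDAP (idnsSOAmName) via fake_mname?"""
import re

# Constructed sample in the shape FreeIPA generates, with the fake_mname arg
# present as in the thread and a commented-out line to exercise the parser.
SAMPLE_NAMED_CONF = """\
dynamic-db "ipa" {
        library "ldap.so";
        arg "uri ldapi://%2fvar%2frun%2fslapd-TOKIOGROUP-BE.socket";
        arg "base cn=dns, dc=tokiogroup,dc=be";
        arg "server_id ns02.tokiogroup.be";
        // arg "fake_mname old.example.";
        arg "fake_mname ns02.tokiogroup.be.";
};
"""

_ARG_RE = re.compile(r'^\s*arg\s+"([^"\s]+)\s+([^"]*)"\s*;\s*$')

def _strip_line_comment(line: str) -> str:
    """Cut a // or # comment, but not inside a quoted string (ldapi://...)."""
    in_quote = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quote = not in_quote
        elif not in_quote and (ch == "#" or line.startswith("//", i)):
            return line[:i]
    return line

def _arg(line: str):
    """(name, value) for an `arg "name value";` line, else None."""
    m = _ARG_RE.match(_strip_line_comment(line))
    return (m.group(1), m.group(2).strip()) if m else None

def dynamic_db_args(conf: str) -> dict:
    """All args of the dynamic-db block as {name: value}; {} if no block."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)  # drop block comments
    m = re.search(r'dynamic-db\s+"[^"]*"\s*\{(.*?)\};', conf, flags=re.S)
    return dict(filter(None, map(_arg, m.group(1).splitlines()))) if m else {}

def effective_mname(conf: str, ldap_mname: str) -> str:
    """MNAME BIND serves: a fake_mname arg, when present, wins over LDAP."""
    return dynamic_db_args(conf).get("fake_mname", ldap_mname)

def remove_fake_mname(conf: str) -> str:
    """Corrected config: drop the fake_mname arg so the LDAP MNAME is used."""
    kept = [l for l in conf.splitlines() if (_arg(l) or ("",))[0] != "fake_mname"]
    return "\n".join(kept) + "\n"
```

With the sample, effective_mname() returns ns02.tokiogroup.be. for any value stored via ipa dnszone-mod --name-server until the arg is removed, which matches the nslookup output in the thread.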
</body>
</html>