<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<br>
<br>
<div class="moz-cite-prefix">On 08/20/2015 01:48 PM, David
Dejaeghere wrote:<br>
</div>
<blockquote
cite="mid:CAO9DwO-6mDSfTxY5pAihoyBkTftPGQ44zWSGyqV7si0-kXKUJg@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>
<div>
<div>
<div>
<div>Hi,<br>
<br>
</div>
                  I noticed that changing the authoritative nameserver in
                  FreeIPA reflects correctly to its directory data but
                  BIND will not resolve the SOA record with the updated
                  mname details.<br>
<br>
</div>
For example I add a zone <a moz-do-not-send="true"
href="http://test.be">test.be</a> and change the mname
record.<br>
<br>
[root@ns02 ~]# ipa dnszone-add<br>
Zone name: <a moz-do-not-send="true"
href="http://test.be">test.be</a><br>
Zone name: <a moz-do-not-send="true"
href="http://test.be">test.be</a>.<br>
Active zone: TRUE<br>
<b> Authoritative nameserver: <a moz-do-not-send="true"
href="http://ns02.tokiogroup.be">ns02.tokiogroup.be</a>.</b><br>
Administrator e-mail address: hostmaster<br>
SOA serial: 1440070999<br>
SOA refresh: 3600<br>
SOA retry: 900<br>
SOA expire: 1209600<br>
SOA minimum: 3600<br>
BIND update policy: grant <a moz-do-not-send="true"
href="http://TOKIOGROUP.BE">TOKIOGROUP.BE</a> krb5-self
* A; grant <a moz-do-not-send="true"
href="http://TOKIOGROUP.BE">TOKIOGROUP.BE</a> krb5-self
* AAAA; grant <a moz-do-not-send="true"
href="http://TOKIOGROUP.BE">TOKIOGROUP.BE</a> krb5-self
                * SSHFP;<br>
Dynamic update: FALSE<br>
Allow query: any;<br>
Allow transfer: none;<br>
[root@ns02 ~]# ipa dnszone-mod --nameserver<br>
anaconda-ks.cfg .bash_logout .bashrc
.ipa/ .ssh/<br>
.bash_history .bash_profile .cshrc
.pki/ .tcshrc<br>
<br>
<br>
[root@ns02 ~]# ipa dnszone-mod --name-server<b> <a
moz-do-not-send="true" href="http://ns7.tokiogroup.be">ns7.tokiogroup.be</a></b>.<br>
Zone name: <a moz-do-not-send="true"
href="http://test.be">test.be</a><br>
ipa: WARNING: Semantic of setting Authoritative nameserver
was changed. It is used only for setting the SOA MNAME
attribute.<br>
NS record(s) can be edited in zone apex - '@'.<br>
Zone name: <a moz-do-not-send="true"
href="http://test.be">test.be</a>.<br>
Active zone: TRUE<br>
<b>Authoritative nameserver: <a moz-do-not-send="true"
href="http://ns7.tokiogroup.be">ns7.tokiogroup.be</a>.</b><br>
Administrator e-mail address: hostmaster<br>
SOA serial: 1440071001<br>
SOA refresh: 3600<br>
SOA retry: 900<br>
SOA expire: 1209600<br>
SOA minimum: 3600<br>
Allow query: any;<br>
Allow transfer: none;<br>
<br>
<br>
[root@ns02 ~]# nslookup<br>
> set q=SOA<br>
> <a moz-do-not-send="true" href="http://test.be">test.be</a><br>
Server: 127.0.0.1<br>
Address: 127.0.0.1#53<br>
<br>
<a moz-do-not-send="true" href="http://test.be">test.be</a><br>
<b> origin = <a moz-do-not-send="true"
href="http://ns02.tokiogroup.be">ns02.tokiogroup.be</a></b><br>
mail addr = <a moz-do-not-send="true"
href="http://hostmaster.test.be">hostmaster.test.be</a><br>
serial = 1440071001<br>
refresh = 3600<br>
retry = 900<br>
expire = 1209600<br>
minimum = 3600<br>
<br>
</div>
            As you can see, the SOA record still shows the original
            default value.<br>
<br>
</div>
Kind Regards,<br>
<br>
</div>
David Dejaeghere<br>
</div>
<br>
<br>
</blockquote>
<br>
Thank you for this bug report.<br>
I opened bind-dyndb-ldap ticket
<a class="moz-txt-link-freetext" href="https://fedorahosted.org/bind-dyndb-ldap/ticket/159">https://fedorahosted.org/bind-dyndb-ldap/ticket/159</a><br>
<br>
Martin<br>
</body>
</html>