<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <p>Hello, records are updated by nslookup.</p>
    <p>Do you have dynamic updates allowed in the zone settings?<br>
    </p>
    <p>Martin<br>
    </p>
    <br>
    <div class="moz-cite-prefix">On 06.05.2016 21:18, Sean Hogan wrote:<br>
    </div>
    <blockquote
      cite="mid:201605061918.u46JIOhO018136@d03av04.boulder.ibm.com"
      type="cite">
      <p>Hi All,<br>
        <br>
        Wondering if someone knows how the SSHFPs of a box are getting
        uploaded to IPA during <font face="Luxi Serif" size="4">ipa-client-install
          --enable-dns-updates</font>? Is it going over port 389, 636, or 22?
        <br>
        <br>
        Have an issue that on one network my enrolls work fine and
        everything gets updated. A new network was put in place but
        still part of the same domain and I get SSHFP failed to upload.
        I was assuming this has something to do with DNS but Network
        team says bidirectional port 53 is good and I can nslookup.
        Both new and old networks point to the same IPA DNS server for
        enrolling. The IPs of the new network still fall in my reverse
        zone.<br>
        <br>
        So my DNS is set up with:<br>
        test.local<br>
        10.in-addr.arpa <br>
        <br>
        and the IP scheme for new net is 10.5.x.x, old net is 10.35.x.x
        <br>
        <br>
        Results of current Network<br>
        <br>
        <table border="0" cellpadding="0" cellspacing="0">
          <tbody>
            <tr valign="top">
              <td width="431"><font face="sans" color="#1A1A1A">Enrolled
                  in IPA realm TEST.LOCAL<br>
                  Created /etc/ipa/default.conf<br>
                  New SSSD config will be created<br>
                  Configured sudoers in /etc/nsswitch.conf<br>
                  Configured /etc/sssd/sssd.conf<br>
                  Configured /etc/krb5.conf for IPA realm TEST.LOCAL<br>
                  trying </font><a moz-do-not-send="true"
                  href="https://rtpvxl0068.watson.local/ipa/xml"><b><u><font
                        face="sans" color="#0000FF">https://bob.test.local/ipa/xml</font></u></b></a><font
                  face="sans" color="#1A1A1A"> <br>
                  Forwarding 'env' to server
                  u'<a class="moz-txt-link-freetext" href="https://bob.test.local/ipa/xml">https://bob.test.local/ipa/xml</a>'<br>
                  DNS server record set to: dingle.test.local -> IP
                  of dingle<br>
                  Adding SSH public key from
                  /etc/ssh/ssh_host_dsa_key.pub<br>
                  Adding SSH public key from
                  /etc/ssh/ssh_host_rsa_key.pub<br>
                  Forwarding 'host_mod' to server
                  u'<a class="moz-txt-link-freetext" href="https://bob.test.local/ipa/xml">https://bob.test.local/ipa/xml</a>'<br>
                  SSSD enabled<br>
                  Configuring test.local as NIS domain<br>
                  Configured /etc/openldap/ldap.conf<br>
                  NTP enabled<br>
                  Configured /etc/ssh/ssh_config<br>
                  Configured /etc/ssh/sshd_config<br>
                  Client configuration complete. </font><font
                  face="sans"> </font></td>
            </tr>
          </tbody>
        </table>
        <br>
        <br>
        <br>
        Results of New network
        <table border="0" cellpadding="0" cellspacing="0">
          <tbody>
            <tr valign="top">
              <td width="431"><font face="sans" color="#1A1A1A">Enrolled
                  in IPA realm TEST.LOCAL<br>
                  Attempting to get host TGT...<br>
                  Created /etc/ipa/default.conf<br>
                  New SSSD config will be created<br>
                  Configured sudoers in /etc/nsswitch.conf<br>
                  Configured /etc/sssd/sssd.conf<br>
                  Configured /etc/krb5.conf for IPA realm TEST.LOCAL<br>
                  trying </font><a moz-do-not-send="true"
                  href="https://rtpvxl0068.watson.local/ipa/xml"><b><u><font
                        face="sans" color="#0000FF">https://bob.test.local/ipa/xml</font></u></b></a><font
                  face="sans" color="#1A1A1A"> <br>
                  Forwarding 'env' to server
                  u'<a class="moz-txt-link-freetext" href="https://bob.test.local/ipa/xml">https://bob.test.local/ipa/xml</a>'<br>
                  Failed to update DNS records.<br>
                  Adding SSH public key from
                  /etc/ssh/ssh_host_rsa_key.pub<br>
                  Adding SSH public key from
                  /etc/ssh/ssh_host_dsa_key.pub<br>
                  Forwarding 'host_mod' to server
                  u'<a class="moz-txt-link-freetext" href="https://bob.test.local/ipa/xml">https://bob.test.local/ipa/xml</a>'<br>
                  Could not update DNS SSHFP records.<br>
                  SSSD enabled<br>
                  Configuring test.local as NIS domain<br>
                  Configured /etc/openldap/ldap.conf<br>
                  NTP enabled<br>
                  Configured /etc/ssh/ssh_config<br>
                  Configured /etc/ssh/sshd_config<br>
                  Client configuration complete </font><font
                  face="sans"> </font><br>
                <br>
                <br>
                <br>
              </td>
            </tr>
          </tbody>
        </table>
        <br>
        <br>
        <br>
        Sean Hogan<br>
        <br>
        <br>
        <br>
      </p>
    </blockquote>
    <br>
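    <p>Added example, not part of either message and not FreeIPA code: when enrollment ends with "Could not update DNS SSHFP records", it helps to know exactly which SSHFP records the host keys should produce and which of them the zone is missing. The sketch below derives them from a public key line per RFC 4255 and RFC 6594 and compares them with records pasted from a DNS query; the host name client1.test.local and the key material are constructed placeholders.</p>

```python
import base64
import hashlib

# SSHFP key algorithm numbers (RFC 4255, RFC 6594, RFC 7479).
KEY_ALGORITHMS = {"ssh-rsa": 1, "ssh-dss": 2, "ecdsa-sha2-nistp256": 3,
                  "ecdsa-sha2-nistp384": 3, "ecdsa-sha2-nistp521": 3,
                  "ssh-ed25519": 4}
# SSHFP fingerprint types: 1 = SHA-1, 2 = SHA-256.
FP_TYPES = {1: hashlib.sha1, 2: hashlib.sha256}

def ssh_string(data):
    """SSH wire string: 4-byte big-endian length, then the bytes."""
    return len(data).to_bytes(4, "big") + data

def blob_key_type(blob):
    """Key type name embedded at the start of a public key blob."""
    length = int.from_bytes(blob[:4], "big")
    name = blob[4:4 + length]
    if length == 0 or len(name) != length:
        raise ValueError("truncated key blob")
    return name.decode("ascii")

def sshfp_records(hostname, pubkey_line):
    """SSHFP records (SHA-1 and SHA-256) for one ssh_host_*_key.pub line."""
    fields = pubkey_line.split()
    if len(fields) in (0, 1) or fields[0] not in KEY_ALGORITHMS:
        raise ValueError("not a supported public key line")
    blob = base64.b64decode(fields[1], validate=True)
    if blob_key_type(blob) != fields[0]:
        raise ValueError("declared key type does not match key blob")
    owner = hostname.rstrip(".") + "."
    return ["%s IN SSHFP %d %d %s" % (owner, KEY_ALGORITHMS[fields[0]], fp,
                                      FP_TYPES[fp](blob).hexdigest())
            for fp in sorted(FP_TYPES)]

def rdata(record):
    """Normalise a full record or bare rdata to (algorithm, fp type, HEX)."""
    tokens = record.upper().split()
    if "SSHFP" in tokens:
        tokens = tokens[tokens.index("SSHFP") + 1:]
    return tokens[0], tokens[1], "".join(tokens[2:])

def missing_records(expected, published):
    """Expected records that are absent from what the zone returned."""
    have = {rdata(r) for r in published}
    return [r for r in expected if rdata(r) not in have]

def constructed_pubkey_line(key_type):
    """Constructed sample: valid framing, dummy key material (not a real key)."""
    blob = ssh_string(key_type.encode()) + ssh_string(bytes(range(1, 33)))
    return "%s %s root@client" % (key_type, base64.b64encode(blob).decode())
```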
  </body>
</html>