<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p><br>
</p>
<br>
<div class="moz-cite-prefix">On 10.05.2017 18:38, Jason Sherrill
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CALk-ZZV2uoL_ZtxT7gKHizDZh04tYHpMeWDTbkyjzi1dQPc2Ng@mail.gmail.com">
<div dir="ltr">Hello,
<div><br>
</div>
<div>I've recently implemented freeIPA in a mixed environment of
Mac OS 10.12 and Windows 10 with limited issues!</div>
<div><br>
</div>
<div>One issue is that updating the reverse zone via nsupdate
works without issue, updating to the forward zone results in a
REFUSED status. Below is my zone config, named.conf, and an
example of client-side behavior. I'm new to nearly all
systems involved- misconfiguration is likely. Thanks!</div>
<div><br>
</div>
<div><br>
</div>
<blockquote style="margin:0 0 0 40px;border:none;padding:0px">
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;font-weight:700;vertical-align:baseline;white-space:pre-wrap">From freeIPA server:</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"># ipa dnszone-show <a href="http://int.dplcl.com" moz-do-not-send="true">int.dplcl.com</a> --all</span></p>
</span></div>
</div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><br>
</p>
</span></div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> dn: idnsname=<a href="http://int.dplcl.com" moz-do-not-send="true">int.dplcl.com</a>.,cn=dns,dc=int,dc=dplcl,dc=com</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> Zone name: <a href="http://int.dplcl.com" moz-do-not-send="true">int.dplcl.com</a>.</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> Active zone: TRUE</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> Authoritative nameserver: <a href="http://ipa-1.int.dplcl.com" moz-do-not-send="true">ipa-1.int.dplcl.com</a>.</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> Administrator e-mail address: <a href="http://hostmaster.int.dplcl.com" moz-do-not-send="true">hostmaster.int.dplcl.com</a>.</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> SOA serial: 1494344164</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> SOA refresh: 3600</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> SOA retry: 900</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> SOA expire: 1209600</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> SOA minimum: 3600</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> BIND update policy: grant <a href="http://INT.DPLCL.COM" moz-do-not-send="true">INT.DPLCL.COM</a> krb5-self * A; grant <a href="http://INT.DPLCL.COM" moz-do-not-send="true">INT.DPLCL.COM</a> krb5-self * AAAA; grant <a href="http://INT.DPLCL.COM" moz-do-not-send="true">INT.DPLCL.COM</a> krb5-self *</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> SSHFP;</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> Dynamic update: TRUE</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> Allow query: any;</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> Allow transfer: none;</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> Allow PTR sync: TRUE</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> Allow in-line DNSSEC signing: FALSE</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> nsrecord: <a href="http://ipa-1.int.dplcl.com" moz-do-not-send="true">ipa-1.int.dplcl.com</a>.</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> objectclass: idnszone, top, idnsrecord, ipadnszone</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"><br>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;font-weight:700;vertical-align:baseline;white-space:pre-wrap">/etc/named.conf from IPA server:</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">options {</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> // turns on IPv6 for port 53, IPv4 is on by default for all ifaces</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> listen-on-v6 {any;};</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"><br>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> // Put files that named is allowed to write in the data/ directory:</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> directory "/var/named"; // the default</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> dump-file "data/cache_dump.db";</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> statistics-file "data/named_stats.txt";</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> memstatistics-file "data/named_mem_stats.txt";</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"><br>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> // Any host is permitted to issue recursive queries</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> allow-recursion { any; };</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"><br>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> tkey-gssapi-keytab "/etc/named.keytab";</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> pid-file "/run/named/named.pid";</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"><br>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> dnssec-enable no;</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> dnssec-validation no;</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"><br>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> /* Path to ISC DLV key */</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> bindkeys-file "/etc/named.iscdlv.key";</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"><br>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> managed-keys-directory "/var/named/dynamic";</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">};</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"><br>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">/* If you want to enable debugging, eg. using the 'rndc trace' command,</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> * By default, SELinux policy does not allow named to modify the /var/named directory,</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> * so put the default debug log file in data/ :</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> */</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">logging {</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> channel default_debug {</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> file "data/named.run";</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> severity dynamic;</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> print-time yes;</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> };</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">};</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"><br>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">zone "." IN {</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> type hint;</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> file "<a href="http://named.ca" moz-do-not-send="true">named.ca</a>";</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">};</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"><br>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">include "/etc/named.rfc1912.zones";</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">include "/etc/named.root.key";</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"><br>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">dynamic-db "ipa" {</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> library "ldap.so";</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> arg "uri ldapi://%2fvar%2frun%2fslapd-INT-DPLCL-COM.socket";</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> arg "base cn=dns, dc=int,dc=dplcl,dc=com";</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> arg "server_id <a href="http://ipa-1.int.dplcl.com" moz-do-not-send="true">ipa-1.int.dplcl.com</a>";</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> arg "auth_method sasl";</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> arg "sasl_mech GSSAPI";</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> arg "sasl_user DNS/<a href="http://ipa-1.int.dplcl.com" moz-do-not-send="true">ipa-1.int.dplcl.com</a>";</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> arg "serial_autoincrement yes";</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">};</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"><br>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"><br>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;font-weight:700;vertical-align:baseline;white-space:pre-wrap">From client macbook:</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">testbook3:etc jsherrill$ nsupdate</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">> debug</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">> update add <a href="http://testbook3.int.dplcl.com" moz-do-not-send="true">testbook3.int.dplcl.com</a> 86400 a 10.0.1.36</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">> </span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Reply from SOA query:</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 3049</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">;; flags: qr aa rd ra; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">;; QUESTION SECTION:</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">;<a href="http://testbook3.int.dplcl.com" moz-do-not-send="true">testbook3.int.dplcl.com</a>.</span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span class="gmail-Apple-tab-span" style="white-space:pre"> </span></span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">IN</span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span class="gmail-Apple-tab-span" style="white-space:pre"> </span></span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">SOA</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"><br>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">;; AUTHORITY SECTION:</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><a href="http://int.dplcl.com" moz-do-not-send="true">int.dplcl.com</a>.</span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span class="gmail-Apple-tab-span" style="white-space:pre"> </span></span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span class="gmail-Apple-tab-span" style="white-space:pre"> </span></span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">0</span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span class="gmail-Apple-tab-span" style="white-space:pre"> </span></span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">IN</span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span class="gmail-Apple-tab-span" style="white-space:pre"> </span></span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">SOA</span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span class="gmail-Apple-tab-span" style="white-space:pre"> </span></span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><a href="http://ipa-1.int.dplcl.com" moz-do-not-send="true">ipa-1.int.dplcl.com</a>. <a href="http://hostmaster.int.dplcl.com" moz-do-not-send="true">hostmaster.int.dplcl.com</a>. 1494425173 3600 900 1209600 3600</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"><br>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Found zone name: <a href="http://int.dplcl.com" moz-do-not-send="true">int.dplcl.com</a></span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">The master is: <a href="http://ipa-1.int.dplcl.com" moz-do-not-send="true">ipa-1.int.dplcl.com</a></span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Sending update to 10.0.1.5#53</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Outgoing update query:</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 33167</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 0</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">;; UPDATE SECTION:</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><a href="http://testbook3.int.dplcl.com" moz-do-not-send="true">testbook3.int.dplcl.com</a>. 86400</span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span class="gmail-Apple-tab-span" style="white-space:pre"> </span></span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">IN</span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span class="gmail-Apple-tab-span" style="white-space:pre"> </span></span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">A</span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span class="gmail-Apple-tab-span" style="white-space:pre"> </span></span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">10.0.1.36</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"><br>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"><br>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Reply from update query:</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">;; ->>HEADER<<- opcode: UPDATE, status: REFUSED, id: 33167</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">;; flags: qr ra; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">;; ZONE SECTION:</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">;<a href="http://int.dplcl.com" moz-do-not-send="true">int.dplcl.com</a>.</span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span class="gmail-Apple-tab-span" style="white-space:pre"> </span></span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span class="gmail-Apple-tab-span" style="white-space:pre"> </span></span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span class="gmail-Apple-tab-span" style="white-space:pre"> </span></span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">IN</span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span class="gmail-Apple-tab-span" style="white-space:pre"> </span></span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">SOA</span></span></div>
</div>
<div>-- </div>
</blockquote>
<div>
<div class="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div style="font-size:12.8px"><br>
</div>
<div style="font-size:12.8px"><b>Jason Sherrill</b></div>
<div style="font-size:12.8px"><a
href="http://deeplocal.com/"
style="color:rgb(17,85,204)" target="_blank"
moz-do-not-send="true">Deeplocal Inc.</a><br>
</div>
<div style="font-size:12.8px">mobile: <a
href="tel:%28412%29%20636-2073"
value="+14129773742" style="color:rgb(17,85,204)"
target="_blank" moz-do-not-send="true">412-636-2073</a></div>
<div style="font-size:12.8px"><span
style="font-size:12.8px">office: </span><a
href="tel:%28412%29%20362-0201"
value="+14123620201" style="color:rgb(17,85,204)"
target="_blank" moz-do-not-send="true">412-362-0201</a></div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
<br>
Hello,<br>
<br>
DNS updates are using GSS-TSIG mechanism by default in FreeIPA, so
you cannot use plain nsupdate without providing credentials<br>
<br>
Here is policy, hosts can update only its records using GSS-TSIG
(kerberos)<br>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">BIND update policy: grant <a href="http://INT.DPLCL.COM">INT.DPLCL.COM</a> krb5-self * A; grant <a href="http://INT.DPLCL.COM">INT.DPLCL.COM</a> krb5-self * AAAA; grant <a href="http://INT.DPLCL.COM">INT.DPLCL.COM</a> krb5-self *</span></p>
</span></div>
</div>
<div>
<div><span
id="gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c">
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> SSHFP;</span></p>
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">
</span></p>
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">So for manual updates via nsupdate, you have to do following steps:</span></p>
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">1, kinit -kt /etc/krb5.keytab</span></p>
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">2, nsupdate -g</span></p>
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">... update A records ...</span></p>
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">
</span></p>
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">
</span></p>
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">I don't know why a reverse zone works for you, you should check policy of the reverse zone.</span></p>
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">
</span></p>
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Martin
</span></p>
</span></div>
</div>
<pre class="moz-signature" cols="72">--
Martin Bašti
Software Engineer
Red Hat Czech</pre>
</body>
</html>