<div dir="ltr">Mistakenly failed to post to freeipa-users.<div><br><div class="gmail_quote">---------- Forwarded message ----------<br>From: <b class="gmail_sendername">Jason Sherrill</b> <span dir="ltr"><<a href="mailto:jason@deeplocal.com">jason@deeplocal.com</a>></span><br>Date: Thu, May 11, 2017 at 9:16 AM<br>Subject: Re: [Freeipa-users] DNS update failing<br>To: Martin Bašti <<a href="mailto:mbasti@redhat.com">mbasti@redhat.com</a>><br><br><br><div dir="ltr">Thank you for the assistance, Martin. The reverse zone is working because of a policy I'd added: grant * tcp-self *. The same entry did for the the forward zone did not work. I ran the manual update as described and was refused. It seems GSS-TSIG is working, but the update is still refused:<div><br></div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">[root@ipa-1 jsherrill]# kinit -kt /etc/krb5.keytab</span></p></span></div><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">[root@ipa-1 jsherrill]# nsupdate -g</span></p></span></div><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">> debug</span></p></span></div><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">> update add <a href="http://testbook3.int.dplcl.com" target="_blank">testbook3.int.dplcl.com</a>. 86400 a 10.0.1.36</span></p></span></div><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">> </span></p></span></div><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Reply from SOA query:</span></p></span></div><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45996</span></p></span></div><span class=""><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">;; flags: qr aa rd ra; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0</span></p></span></div><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">;; QUESTION SECTION:</span></p></span></div><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">;<a href="http://testbook3.int.dplcl.com" target="_blank">testbook3.int.dplcl.com</a>.</span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span class="m_-7641485839007569350gmail-Apple-tab-span" style="white-space:pre-wrap"> </span></span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">IN</span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span class="m_-7641485839007569350gmail-Apple-tab-span" style="white-space:pre-wrap"> </span></span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">SOA</span></p></span></div><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><br></span></div><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">;; AUTHORITY SECTION:</span></p></span></div></span><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><a href="http://int.dplcl.com" target="_blank">int.dplcl.com</a>.</span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span class="m_-7641485839007569350gmail-Apple-tab-span" style="white-space:pre-wrap"> </span></span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span class="m_-7641485839007569350gmail-Apple-tab-span" style="white-space:pre-wrap"> </span></span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">3600</span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span class="m_-7641485839007569350gmail-Apple-tab-span" style="white-space:pre-wrap"> </span></span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">IN</span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span class="m_-7641485839007569350gmail-Apple-tab-span" style="white-space:pre-wrap"> </span></span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">SOA</span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span class="m_-7641485839007569350gmail-Apple-tab-span" style="white-space:pre-wrap"> </span></span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><a href="http://ipa-1.int.dplcl.com" target="_blank">ipa-1.int.dplcl.com</a>. <a href="http://hostmaster.int.dplcl.com" target="_blank">hostmaster.int.dplcl.com</a>. 1494432187 3600 900 1209600 3600</span></p></span></div><span class=""><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><br></span></div><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Found zone name: <a href="http://int.dplcl.com" target="_blank">int.dplcl.com</a></span></p></span></div><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">The master is: <a href="http://ipa-1.int.dplcl.com" target="_blank">ipa-1.int.dplcl.com</a></span></p></span></div></span><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">start_gssrequest</span></p></span></div><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Found realm from ticket: <a href="http://INT.DPLCL.COM" target="_blank">INT.DPLCL.COM</a></span></p></span></div><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">send_gssrequest</span></p></span></div><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Outgoing update query:</span></p></span></div><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23945</span></p></span></div><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">;; flags:; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1</span></p></span></div><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">;; QUESTION SECTION:</span></p></span></div><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">;<a href="http://3601322568.sig-ipa-1.int.dplcl.com" target="_blank">3601322568.sig-ipa-1.int.<wbr>dplcl.com</a>. ANY</span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span class="m_-7641485839007569350gmail-Apple-tab-span" style="white-space:pre-wrap"> </span></span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">TKEY</span></p></span></div><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><br></span></div><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">;; ADDITIONAL SECTION:</span></p></span></div><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><a href="http://3601322568.sig-ipa-1.int.dplcl.com" target="_blank">3601322568.sig-ipa-1.int.<wbr>dplcl.com</a>. 0 ANY TKEY</span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span class="m_-7641485839007569350gmail-Apple-tab-span" style="white-space:pre-wrap"> </span></span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">gss-tsig. ****</span></p></span></div><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><br></span></div><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">recvmsg reply from GSS-TSIG query</span></p></span></div><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23945</span></p></span></div><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">;; flags: qr ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0</span></p></span></div><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">;; QUESTION SECTION:</span></p></span></div><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">;<a href="http://3601322568.sig-ipa-1.int.dplcl.com" target="_blank">3601322568.sig-ipa-1.int.<wbr>dplcl.com</a>. ANY</span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span class="m_-7641485839007569350gmail-Apple-tab-span" style="white-space:pre-wrap"> </span></span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">TKEY</span></p></span></div><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><br></span></div><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">;; ANSWER SECTION:</span></p></span></div><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><a href="http://3601322568.sig-ipa-1.int.dplcl.com" target="_blank">3601322568.sig-ipa-1.int.<wbr>dplcl.com</a>. 0 ANY TKEY</span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span class="m_-7641485839007569350gmail-Apple-tab-span" style="white-space:pre-wrap"> </span></span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">gss-tsig. ****</span></p></span></div><span class=""><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><br></span></div><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Sending update to 10.0.1.5#53</span></p></span></div><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Outgoing update query:</span></p></span></div></span><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 13230</span></p></span></div><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1</span></p></span></div><span class=""><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">;; UPDATE SECTION:</span></p></span></div><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><a href="http://testbook3.int.dplcl.com" target="_blank">testbook3.int.dplcl.com</a>. 86400</span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span class="m_-7641485839007569350gmail-Apple-tab-span" style="white-space:pre-wrap"> </span></span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">IN</span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span class="m_-7641485839007569350gmail-Apple-tab-span" style="white-space:pre-wrap"> </span></span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">A</span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span class="m_-7641485839007569350gmail-Apple-tab-span" style="white-space:pre-wrap"> </span></span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">10.0.1.36</span></p></span></div><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><br></span></div></span><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">;; TSIG PSEUDOSECTION:</span></p></span></div><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><a href="http://3601322568.sig-ipa-1.int.dplcl.com" target="_blank">3601322568.sig-ipa-1.int.<wbr>dplcl.com</a>. 0 ANY TSIG</span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span class="m_-7641485839007569350gmail-Apple-tab-span" style="white-space:pre-wrap"> </span></span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">gss-tsig. **** 13230 NOERROR 0 </span></p></span></div><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><br></span></div><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><br></span></div><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Reply from update query:</span></p></span></div><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">;; ->>HEADER<<- opcode: UPDATE, status: REFUSED, id: 13230</span></p></span></div><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">;; flags: qr ra; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1</span></p></span></div><span class=""><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">;; ZONE SECTION:</span></p></span></div><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">;<a href="http://int.dplcl.com" target="_blank">int.dplcl.com</a>.</span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span class="m_-7641485839007569350gmail-Apple-tab-span" style="white-space:pre-wrap"> </span></span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span class="m_-7641485839007569350gmail-Apple-tab-span" style="white-space:pre-wrap"> </span></span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span class="m_-7641485839007569350gmail-Apple-tab-span" style="white-space:pre-wrap"> </span></span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">IN</span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span class="m_-7641485839007569350gmail-Apple-tab-span" style="white-space:pre-wrap"> </span></span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">SOA</span></p></span></div><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><br></span></div></span><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">;; TSIG PSEUDOSECTION:</span></p></span></div><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><a href="http://3601322568.sig-ipa-1.int.dplcl.com" target="_blank">3601322568.sig-ipa-1.int.<wbr>dplcl.com</a>. 0 ANY TSIG</span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span class="m_-7641485839007569350gmail-Apple-tab-span" style="white-space:pre-wrap"> </span></span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">gss-tsig. ****13230 NOERROR 0 </span></p></span></div></blockquote><div><span id="m_-7641485839007569350gmail-docs-internal-guid-e77dedcd-f7a4-9698-a7fc-f0f1fd82df78"><div><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><br></span></div></span></div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Thu, May 11, 2017 at 4:09 AM, Martin Bašti <span dir="ltr"><<a href="mailto:mbasti@redhat.com" target="_blank">mbasti@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <div text="#000000" bgcolor="#FFFFFF"> <p><br> </p> <br> <div class="m_-7641485839007569350m_2223711459757243613moz-cite-prefix">On 10.05.2017 18:38, Jason Sherrill wrote:<br> </div> <blockquote type="cite"> <div dir="ltr">Hello, <div><br> </div> <div>I've recently implemented freeIPA in a mixed environment of Mac OS 10.12 and Windows 10 with limited issues!</div> <div><br> </div> <div>One issue is that updating the reverse zone via nsupdate works without issue, updating to the forward zone results in a REFUSED status. Below is my zone config, named.conf, and an example of client-side behavior. I'm new to nearly all systems involved- misconfiguration is likely. Thanks!</div> <div><br> </div> <div><br> </div> <blockquote style="margin:0 0 0 40px;border:none;padding:0px"> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;font-weight:700;vertical-align:baseline;white-space:pre-wrap">From freeIPA server:</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"># ipa dnszone-show <a href="http://int.dplcl.com" target="_blank">int.dplcl.com</a> --all</span></p> </span></div> </div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><br> </p> </span></div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> dn: idnsname=<a href="http://int.dplcl.com" target="_blank">int.dplcl.com</a>.,cn=dns<wbr>,dc=int,dc=dplcl,dc=com</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> Zone name: <a href="http://int.dplcl.com" target="_blank">int.dplcl.com</a>.</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> Active zone: TRUE</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> Authoritative nameserver: <a href="http://ipa-1.int.dplcl.com" target="_blank">ipa-1.int.dplcl.com</a>.</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> Administrator e-mail address: <a href="http://hostmaster.int.dplcl.com" target="_blank">hostmaster.int.dplcl.com</a>.</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> SOA serial: 1494344164</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> SOA refresh: 3600</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> SOA retry: 900</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> SOA expire: 1209600</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> SOA minimum: 3600</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> BIND update policy: grant <a href="http://INT.DPLCL.COM" target="_blank">INT.DPLCL.COM</a> krb5-self * A; grant <a href="http://INT.DPLCL.COM" target="_blank">INT.DPLCL.COM</a> krb5-self * AAAA; grant <a href="http://INT.DPLCL.COM" target="_blank">INT.DPLCL.COM</a> krb5-self *</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> SSHFP;</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> Dynamic update: TRUE</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> Allow query: any;</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> Allow transfer: none;</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> Allow PTR sync: TRUE</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> Allow in-line DNSSEC signing: FALSE</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> nsrecord: <a href="http://ipa-1.int.dplcl.com" target="_blank">ipa-1.int.dplcl.com</a>.</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> objectclass: idnszone, top, idnsrecord, ipadnszone</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"><br> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;font-weight:700;vertical-align:baseline;white-space:pre-wrap">/etc/named.conf from IPA server:</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">options {</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> // turns on IPv6 for port 53, IPv4 is on by default for all ifaces</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> listen-on-v6 {any;};</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"><br> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> // Put files that named is allowed to write in the data/ directory:</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> directory "/var/named"; // the default</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> dump-file "data/cache_dump<wbr>.db";</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> statistics-file "data/named_stats.txt"<wbr>;</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> memstatistics-file "data/named_mem_stats.txt<wbr>";</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"><br> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> // Any host is permitted to issue recursive queries</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> allow-recursion { any; };</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"><br> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> tkey-gssapi-keytab "/etc/named.keytab";</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> pid-file "/run/named/named.pid";</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"><br> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> dnssec-enable no;</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> dnssec-validation no;</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"><br> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> /* Path to ISC DLV key */</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> bindkeys-file "/etc/named.iscdlv.key";</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"><br> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> managed-keys-directory "/var/named/dynamic";</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">};</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"><br> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">/* If you want to enable debugging, eg. using the 'rndc trace' command,</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> * By default, SELinux policy does not allow named to modify the /var/named directory,</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> * so put the default debug log file in data/ :</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> */</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">logging {</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> channel default_debug {</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> file "data/named.run";</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> severity dynamic;</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> print-time yes;</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> };</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">};</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"><br> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">zone "." IN {</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> type hint;</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> file "<a href="http://named.ca" target="_blank">named.ca</a>";</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">};</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"><br> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">include "/etc/named.rfc1912.zones";</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">include "/etc/named.root.key";</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"><br> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">dynamic-db "ipa" {</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> library "ldap.so";</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> arg "uri ldapi://%2fvar%2frun%2fslapd-I<wbr>NT-DPLCL-COM.socket";</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> arg "base cn=dns, dc=int,dc=dplcl,dc=com";</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> arg "server_id <a href="http://ipa-1.int.dplcl.com" target="_blank">ipa-1.int.dplcl.com</a>";</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> arg "auth_method sasl";</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> arg "sasl_mech GSSAPI";</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> arg "sasl_user DNS/<a href="http://ipa-1.int.dplcl.com" target="_blank">ipa-1.int.dplcl.com</a>";</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> arg "serial_autoincrement yes";</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">};</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"><br> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"><br> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;font-weight:700;vertical-align:baseline;white-space:pre-wrap">From client macbook:</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">testbook3:etc jsherrill$ nsupdate</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">> debug</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">> update add <a href="http://testbook3.int.dplcl.com" target="_blank">testbook3.int.dplcl.com</a> 86400 a 10.0.1.36</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">> </span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Reply from SOA query:</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 3049</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">;; flags: qr aa rd ra; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">;; QUESTION SECTION:</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">;<a href="http://testbook3.int.dplcl.com" target="_blank">testbook3.int.dplcl.com</a>.</span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span class="m_-7641485839007569350m_2223711459757243613gmail-Apple-tab-span" style="white-space:pre-wrap"> </span></span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">IN</span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span class="m_-7641485839007569350m_2223711459757243613gmail-Apple-tab-span" style="white-space:pre-wrap"> </span></span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">SOA</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"><br> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">;; AUTHORITY SECTION:</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><a href="http://int.dplcl.com" target="_blank">int.dplcl.com</a>.</span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span class="m_-7641485839007569350m_2223711459757243613gmail-Apple-tab-span" style="white-space:pre-wrap"> </span></span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span class="m_-7641485839007569350m_2223711459757243613gmail-Apple-tab-span" style="white-space:pre-wrap"> </span></span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">0</span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span class="m_-7641485839007569350m_2223711459757243613gmail-Apple-tab-span" style="white-space:pre-wrap"> </span></span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">IN</span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span class="m_-7641485839007569350m_2223711459757243613gmail-Apple-tab-span" style="white-space:pre-wrap"> </span></span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">SOA</span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span class="m_-7641485839007569350m_2223711459757243613gmail-Apple-tab-span" style="white-space:pre-wrap"> </span></span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><a href="http://ipa-1.int.dplcl.com" target="_blank">ipa-1.int.dplcl.com</a>. <a href="http://hostmaster.int.dplcl.com" target="_blank">hostmaster.int.dplcl.com</a>. 1494425173 3600 900 1209600 3600</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"><br> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Found zone name: <a href="http://int.dplcl.com" target="_blank">int.dplcl.com</a></span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">The master is: <a href="http://ipa-1.int.dplcl.com" target="_blank">ipa-1.int.dplcl.com</a></span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Sending update to 10.0.1.5#53</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Outgoing update query:</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 33167</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 0</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">;; UPDATE SECTION:</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><a href="http://testbook3.int.dplcl.com" target="_blank">testbook3.int.dplcl.com</a>. 86400</span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span class="m_-7641485839007569350m_2223711459757243613gmail-Apple-tab-span" style="white-space:pre-wrap"> </span></span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">IN</span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span class="m_-7641485839007569350m_2223711459757243613gmail-Apple-tab-span" style="white-space:pre-wrap"> </span></span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">A</span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span class="m_-7641485839007569350m_2223711459757243613gmail-Apple-tab-span" style="white-space:pre-wrap"> </span></span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">10.0.1.36</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"><br> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"><br> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Reply from update query:</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">;; ->>HEADER<<- opcode: UPDATE, status: REFUSED, id: 33167</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">;; flags: qr ra; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">;; ZONE SECTION:</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">;<a href="http://int.dplcl.com" target="_blank">int.dplcl.com</a>.</span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span class="m_-7641485839007569350m_2223711459757243613gmail-Apple-tab-span" style="white-space:pre-wrap"> </span></span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span class="m_-7641485839007569350m_2223711459757243613gmail-Apple-tab-span" style="white-space:pre-wrap"> </span></span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span class="m_-7641485839007569350m_2223711459757243613gmail-Apple-tab-span" style="white-space:pre-wrap"> </span></span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">IN</span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><span class="m_-7641485839007569350m_2223711459757243613gmail-Apple-tab-span" style="white-space:pre-wrap"> </span></span><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">SOA</span></span></div> </div> <div>-- </div> </blockquote> <div> <div class="m_-7641485839007569350m_2223711459757243613gmail_signature"> <div dir="ltr"> <div> <div dir="ltr"> <div style="font-size:12.8px"><br> </div> <div style="font-size:12.8px"><b>Jason Sherrill</b></div> <div style="font-size:12.8px"><a href="http://deeplocal.com/" style="color:rgb(17,85,204)" target="_blank">Deeplocal Inc.</a><br> </div> <div style="font-size:12.8px">mobile: <a href="tel:%28412%29%20636-2073" value="+14129773742" style="color:rgb(17,85,204)" target="_blank">412-636-2073</a></div> <div style="font-size:12.8px"><span style="font-size:12.8px">office: </span><a href="tel:%28412%29%20362-0201" value="+14123620201" style="color:rgb(17,85,204)" target="_blank">412-362-0201</a></div> </div> </div> </div> </div> </div> </div> <br> <fieldset class="m_-7641485839007569350m_2223711459757243613mimeAttachmentHeader"></fieldset> <br> </blockquote> <br> <br> Hello,<br> <br> DNS updates are using GSS-TSIG mechanism by default in FreeIPA, so you cannot use plain nsupdate without providing credentials<br> <br> Here is policy, hosts can update only its records using GSS-TSIG (kerberos)<br> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">BIND update policy: grant <a href="http://INT.DPLCL.COM" target="_blank">INT.DPLCL.COM</a> krb5-self * A; grant <a href="http://INT.DPLCL.COM" target="_blank">INT.DPLCL.COM</a> krb5-self * AAAA; grant <a href="http://INT.DPLCL.COM" target="_blank">INT.DPLCL.COM</a> krb5-self *</span></p> </span></div> </div> <div> <div><span id="m_-7641485839007569350m_2223711459757243613gmail-docs-internal-guid-4576865a-f32e-524c-1d9b-62cda073d63c"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> SSHFP;</span></p> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> </span></p> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">So for manual updates via nsupdate, you have to do following steps:</span></p> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">1, kinit -kt /etc/krb5.keytab</span></p> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">2, nsupdate -g</span></p> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">... update A records ...</span></p> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> </span></p> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> </span></p> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">I don't know why a reverse zone works for you, you should check policy of the reverse zone.</span></p><span class="m_-7641485839007569350HOEnZb"><font color="#888888"> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> </span></p> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Martin </span></p> </font></span></span></div><span class="m_-7641485839007569350HOEnZb"><font color="#888888"> </font></span></div><span class="m_-7641485839007569350HOEnZb"><font color="#888888"> <pre class="m_-7641485839007569350m_2223711459757243613moz-signature" cols="72">-- Martin Bašti Software Engineer Red Hat Czech</pre> </font></span></div> </blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="m_-7641485839007569350gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div style="font-size:12.8px"><br></div><div style="font-size:12.8px"><b>Jason Sherrill</b></div><div style="font-size:12.8px"><a href="http://deeplocal.com/" style="color:rgb(17,85,204)" target="_blank">Deeplocal Inc.</a><br></div><div style="font-size:12.8px">mobile: <a href="tel:(412)%20636-2073" value="+14129773742" style="color:rgb(17,85,204)" target="_blank">412-636-2073</a></div><div style="font-size:12.8px"><span style="font-size:12.8px">office: </span><a href="tel:(412)%20362-0201" value="+14123620201" style="color:rgb(17,85,204)" target="_blank">412-362-0201</a></div></div></div></div></div> </div> </div></div></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div style="font-size:12.8px"><br></div><div style="font-size:12.8px"><b>Jason Sherrill</b></div><div style="font-size:12.8px"><a href="http://deeplocal.com/" style="color:rgb(17,85,204)" target="_blank">Deeplocal Inc.</a><br></div><div style="font-size:12.8px">mobile: <a href="tel:(412)%20636-2073" value="+14129773742" style="color:rgb(17,85,204)" target="_blank">412-636-2073</a></div><div style="font-size:12.8px"><span style="font-size:12.8px">office: </span><a href="tel:(412)%20362-0201" value="+14123620201" style="color:rgb(17,85,204)" target="_blank">412-362-0201</a></div></div></div></div></div> </div></div>