[Freeipa-devel] [PATCH] 271 Fill new DNS zone update policy by default
Martin Kosek
mkosek at redhat.com
Tue Jun 5 08:01:07 UTC 2012
On Tue, 2012-06-05 at 14:44 +0930, William Brown wrote:
> > I think the example should be something like:
> >
> > Modify the zone to allow dynamic updates for hosts' own records in
> > realm EXAMPLE.COM:
> > ipa dnszone-mod example.com --dynamic-update=TRUE
> >
> > This is the equivalent of:
> > ipa dnszone-mod example.com --dynamic-update=TRUE \\
> > --update-policy="grant EXAMPLE.COM krb5-self * A; grant
> > EXAMPLE.COM krb5-self * AAAA;"
> >
>
> What about reverse zones?
With the patch I just pushed, the update policy for a reverse zone is
automatically generated as well:
# ipa dnszone-add 3.2.1.in-addr.arpa. --name-server=ns.example.com
Administrator e-mail address [hostmaster.3.2.1.in-addr.arpa.]:
Zone name: 3.2.1.in-addr.arpa.
Authoritative nameserver: ns.example.com.
Administrator e-mail address: hostmaster.3.2.1.in-addr.arpa.
SOA serial: 2012060501
SOA refresh: 3600
SOA retry: 900
SOA expire: 1209600
SOA minimum: 3600
BIND update policy: grant EXAMPLE.COM krb5-subdomain 3.2.1.in-addr.arpa. PTR;
Active zone: TRUE
Dynamic update: FALSE
Allow query: any;
Allow transfer: none;
# ipa dnszone-mod 3.2.1.in-addr.arpa. --dynamic-update=TRUE
Zone name: 3.2.1.in-addr.arpa.
Authoritative nameserver: ns.example.com.
Administrator e-mail address: hostmaster.3.2.1.in-addr.arpa.
SOA serial: 2012060501
SOA refresh: 3600
SOA retry: 900
SOA expire: 1209600
SOA minimum: 3600
Active zone: TRUE
Dynamic update: TRUE
Allow query: any;
Allow transfer: none;
With the second change, dynamic updates for the reverse zone are enabled
without users having to be knowledgeable about BIND update policy
format.
Martin
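
An added example, not part of the original message and not FreeIPA's own code: it rebuilds the default policy strings in the form shown in this thread and audits a zone's policy for grants that differ from those defaults. The function names are hypothetical, and treating ip6.arpa. zones like in-addr.arpa. is an assumption (the thread shows only an IPv4 reverse zone).

```python
# Assumption: ip6.arpa. is handled like the in-addr.arpa. zone in the thread.
REVERSE_SUFFIXES = (".in-addr.arpa.", ".ip6.arpa.")

def fqdn(zone):
    """Normalise a zone name to lower case with a single trailing dot."""
    return zone.rstrip(".").lower() + "."

def default_update_policy(zone, realm):
    """Build the default policy in the form shown in the thread."""
    if fqdn(zone).endswith(REVERSE_SUFFIXES):
        return "grant %s krb5-subdomain %s PTR;" % (realm, fqdn(zone))
    return " ".join("grant %s krb5-self * %s;" % (realm, t) for t in ("A", "AAAA"))

def parse_policy(policy):
    """Split 'ACTION IDENTITY RULETYPE NAME [TYPES...];' rules into tuples."""
    rules = []
    for stmt in (s.strip() for s in policy.split(";")):
        if not stmt:
            continue
        fields = stmt.split()  # also absorbs line wraps inside a rule
        if len(fields) < 4 or fields[0] not in ("grant", "deny"):
            raise ValueError("malformed rule: %r" % stmt)
        rules.append((fields[0], fields[1], fields[2], fields[3], tuple(fields[4:])))
    return rules

def audit_policy(zone, realm, policy):
    """Return (rule, reason) for each grant that is not one of the defaults."""
    allowed = set(parse_policy(default_update_policy(zone, realm)))
    findings = []
    for rule in parse_policy(policy):
        action, identity, ruletype, name, types = rule
        if action != "grant" or rule in allowed:
            continue
        if identity != realm:
            reason = "identity is not the realm %s" % realm
        elif not types:
            reason = "no record types listed, so the grant is not limited by type"
        else:
            reason = "differs from the default for this zone"
        findings.append((" ".join((action, identity, ruletype, name) + types), reason))
    return findings

if __name__ == "__main__":
    # Constructed sample: the forward-zone defaults plus two broader grants.
    sample = ("grant EXAMPLE.COM krb5-self * A; grant EXAMPLE.COM krb5-self * AAAA; "
              "grant EXAMPLE.COM krb5-self *; grant OTHER.TEST krb5-self * A;")
    for rule, reason in audit_policy("example.com", "EXAMPLE.COM", sample):
        print("%s -> %s" % (rule, reason))
```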