[Freeipa-devel] [PATCHES 0114-0115, 0120-0121] DNS: allow to add root zone '.'

Petr Spacek pspacek at redhat.com
Mon Sep 15 15:10:33 UTC 2014


On 12.9.2014 15:19, Martin Basti wrote:
> On 03/09/14 12:45, Martin Basti wrote:
>> On 03/09/14 12:27, Martin Kosek wrote:
>>> On 09/02/2014 05:46 PM, Petr Spacek wrote:
>>>> On 25.8.2014 14:52, Martin Basti wrote:
>>>>> Patches attached.
>>>>>
>>>>> Ticket: https://fedorahosted.org/freeipa/ticket/4149
>>>>>
>>>>> There is a bug in bind-dyndb-ldap (or worse in dirsrv), which causes the named
>>>>> service to be stopped after deleting a zone.
>>>>> Bug ticket: https://fedorahosted.org/bind-dyndb-ldap/ticket/138
>>>> Functional ACK, it works for me. It can be pushed if Python gurus are okay
>>>> with the code.
>>> Is it safe to commit the change given that bind-dyndb-ldap still crashes when
>>> "." is removed? Wouldn't it break our CI tests?
>>>
>>> Maybe we should wait until a fixed bind-dyndb-ldap is released. Hopefully it
>>> will be soon.
>>>
>>> Martin
>>>
>>> _______________________________________________
>>> Freeipa-devel mailing list
>>> Freeipa-devel at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>> It will break tests; don't push it until bind-dyndb-ldap is fixed.
>> Currently I'm testing the bind-dyndb-ldap related patch.
>>
> Added patches 120 and 121, which are required for DNS to work correctly.
> Patches 120 and 121 add all DNS replicas to the zone apex as NS records; the
> --name-server option doesn't add an NS record, it only changes the SOA MNAME attribute.
>
> Original and new patches attached.

NACK, unfortunately it doesn't work for me:
# ipa dnszone-add tri.test. --name-server=ns.test.
Administrator e-mail address [hostmaster.tri.test.]:
ipa: WARNING: '--name-server' is used only for setting up the SOA MNAME record.
To edit NS record(s) in zone apex, use command 'dnsrecord-mod [zone] @ 
--ns-rec=nameserver'.
   Zone name: tri.test.
   Active zone: TRUE
   Authoritative nameserver: ns.test.
   Administrator e-mail address: hostmaster.tri.test.
   SOA serial: 1410793406
   SOA refresh: 3600
   SOA retry: 900
   SOA expire: 1209600
   SOA minimum: 3600
   BIND update policy: grant IPA.EXAMPLE krb5-self * A; grant IPA.EXAMPLE 
krb5-self * AAAA; grant IPA.EXAMPLE krb5-self * SSHFP;
   Dynamic update: FALSE
   Allow query: any;
   Allow transfer: none;

[root at vm-035 rpms]# ipa dnszone-show tri.test. --all --raw
   dn: idnsname=tri.test.,cn=dns,dc=ipa,dc=example
   idnsname: tri.test.
   idnszoneactive: TRUE
   idnssoamname: ns.test.
   idnssoarname: hostmaster.tri.test.
   idnssoaserial: 1410793408
   idnssoarefresh: 3600
   idnssoaretry: 900
   idnssoaexpire: 1209600
   idnssoaminimum: 3600
   idnsallowquery: any;
   idnsallowtransfer: none;
   idnsAllowDynUpdate: FALSE
   idnsUpdatePolicy: grant IPA.EXAMPLE krb5-self * A; grant IPA.EXAMPLE 
krb5-self * AAAA; grant IPA.EXAMPLE krb5-self * SSHFP;
   nsrecord: vm-035.idm.lab.eng.brq.redhat.com.
   objectClass: idnszone
   objectClass: top
   objectClass: idnsrecord

[root at vm-035 rpms]# ipa dnsrecord-mod @ tri.test. --ns-rec=$(hostname).
ipa: ERROR: tri.test.: DNS resource record not found

-- 
Petr^2 Spacek
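The NACK above shows the mismatch the thread is about: idnssoamname points at ns.test. while the only apex nsrecord is the IPA server itself. As an added example (not part of this thread or of FreeIPA's code), the following parses the `ipa dnszone-show --all --raw` attribute listing and reports when the SOA MNAME is not among the apex NS records; the sample text is constructed from the output quoted above.

```python
from collections import defaultdict

# Constructed sample, abridged from the `ipa dnszone-show tri.test. --all --raw` output above.
RAW_ZONE = """\
   dn: idnsname=tri.test.,cn=dns,dc=ipa,dc=example
   idnsname: tri.test.
   idnszoneactive: TRUE
   idnssoamname: ns.test.
   idnssoarname: hostmaster.tri.test.
   nsrecord: vm-035.idm.lab.eng.brq.redhat.com.
   objectClass: idnszone
"""


def parse_raw(text):
    """Parse 'attribute: value' lines into a dict of lowercased attribute -> list of values.

    Multi-valued attributes (nsrecord, objectClass) repeat the attribute name,
    so every value is collected rather than overwritten.
    """
    attrs = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line or ": " not in line:
            continue
        key, value = line.split(": ", 1)
        attrs[key.lower()].append(value.strip())
    return attrs


def normalize(name):
    """DNS names compare case-insensitively; make sure the name is fully qualified."""
    name = name.lower()
    return name if name.endswith(".") else name + "."


def check_apex(attrs):
    """Return findings about the zone apex: missing NS records, or an SOA MNAME
    that no apex NS record names (the situation the NACK output shows)."""
    findings = []
    mnames = [normalize(v) for v in attrs.get("idnssoamname", [])]
    ns_set = {normalize(v) for v in attrs.get("nsrecord", [])}
    if not ns_set:
        findings.append("zone apex has no NS record")
    if mnames and mnames[0] not in ns_set:
        findings.append(
            f"SOA MNAME {mnames[0]} is not listed in apex NS records {sorted(ns_set)}"
        )
    return findings


if __name__ == "__main__":
    for finding in check_apex(parse_raw(RAW_ZONE)):
        print(finding)
```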