[Freeipa-users] DNS / Allow PTR sync
Petr Spacek
pspacek at redhat.com
Tue Nov 6 09:38:25 UTC 2012
Hello Mike,
are you talking about IPA WebUI or CLI or DNS dynamic update mechanism? On
which distribution and IPA version?
On 11/05/2012 10:35 PM, Michael Mercier wrote:
> Hello,
>
> A couple of questions regarding DNS / Allow PTR sync.
>
> 1. If you have a zone 'example.com' and you enable "Allow PTR sync", should you also enable the option in the reverse zone (e.g. 168.192.in-addr-arpa.)?
In webUI - just check the box "Create reverse" while adding a new A record.
"Allow PTR sync" affects only DNS dynamic update.
> 2. Do you have to wait a specified amount of time for the PTR record to be removed after you remove a host?
No, you don't. Change in webUI should be done immediately. For some time you
can see old data on DNS clients because DNS caches all the data extensively.
>
> e.g.
>
> 1. Add 'testhost', 192.168.10.10 to 'example.com' (with Allow PTR sync enabled on the zone) with 'Create reverse' enabled.
> 2. Remove 'testhost' from 'example.com'
> 3. Check 168.192.in-addr.arpa. zone and host 'testhost' still exists.
Seems like a bug to me, please file a ticket:
https://fedorahosted.org/freeipa/newticket
You will be prompted for Fedora account, registration link is:
https://admin.fedoraproject.org/accounts/user/new
Also, please note limitations of syncPTR on DNS server - it affects DNS
dynamic updates:
* If the change was made through IPA CLI/WebUI/LDAP directly - it does nothing
in any case.
* If idnsAllowSyncPTR = true and any A or AAAA record was changed through DNS
dynamic update mechanism - PTR is automatically updated.
* Change is synchronized only if reverse zone is part of LDAP and have dynamic
updates allowed (idnsAllowDynUpdate = TRUE).
* Enabling idnsAllowSyncPTR will not affect existing records as long as they
are not updated though DNS dynamic updates.
--
Petr^2 Spacek
More information about the Freeipa-users
mailing list