[Freeipa-users] Dynamic DNS

[Simo Sorce]

On Tue, 2013-04-30 at 12:08 -0400, Guy Matz wrote:
> hi!  Anyone out there gotten Dynamic DNS freeipa-managed DNS server?  
> I've been trying for days following instructions from various freeipa 
> and redhat docs!  I've set up  keytabs, set up /etc/rndc.key, set 
> Dynamic update to True and put the following in my BIND update policy:
> grant host\047foreman.collmedia.net at COLLMEDIA.NET wildcard * ANY;
> grant host\047ipadevmstr.collmedia.net at COLLMEDIA.NET wildcard * ANY;

This looks good, you've put these in LDAP right ?

Can you show the attributes as retrieved from a ldapsearch just to check
the formatting is correct ?

> I keep getting:
> 
> # nsupdate -g a_update
> update failed: REFUSED
> update failed: REFUSED
> [root at ipadevmstr ~]# cat a_update
> server ipadevmstr.collmedia.net
> zone collmedia.net.
> update add client.collmedia.net.                86400 IN      A       
> 192.168.8.120
> send
> update delete client.collmedia.net. IN      A
> send

shouldn't you delete first add second ?

> tail /var/log/messages
> Apr 30 11:52:32 ipadevmstr named[9349]: client 192.168.8.111#26141: 
> query: collmedia.net IN SOA - (192.168.8.111)
> Apr 30 11:52:32 ipadevmstr named[9349]: client 192.168.8.111#37600: 
> query: 692300375.sig-ipadevmstr.collmedia.net ANY TKEY -T (192.168.8.111)
> Apr 30 11:52:32 ipadevmstr named[9349]: client 192.168.8.111#52609: 
> updating zone 'collmedia.net/IN': update failed: rejected by secure 
> update (REFUSED)
> Apr 30 11:52:32 ipadevmstr named[9349]: client 192.168.8.111#26141: 
> query: collmedia.net IN SOA - (192.168.8.111)
> Apr 30 11:52:32 ipadevmstr named[9349]: client 192.168.8.111#40423: 
> query: 718499086.sig-ipadevmstr.collmedia.net ANY TKEY -T (192.168.8.111)
> Apr 30 11:52:32 ipadevmstr named[9349]: client 192.168.8.111#37000: 
> updating zone 'collmedia.net/IN': update failed: rejected by secure 
> update (REFUSED)

Something seem wrong with the Access Control policy ...

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York