[Freeipa-users] Dynamic DNS
Simo Sorce
simo at redhat.com
Tue Apr 30 17:25:44 UTC 2013
On Tue, 2013-04-30 at 12:08 -0400, Guy Matz wrote:
> hi! Anyone out there gotten Dynamic DNS freeipa-managed DNS server?
> I've been trying for days following instructions from various freeipa
> and redhat docs! I've set up keytabs, set up /etc/rndc.key, set
> Dynamic update to True and put the following in my BIND update policy:
> grant host\047foreman.collmedia.net@COLLMEDIA.NET wildcard * ANY;
> grant host\047ipadevmstr.collmedia.net@COLLMEDIA.NET wildcard * ANY;
This looks good, you've put these in LDAP, right?
Can you show the attributes as retrieved from an ldapsearch just to check
the formatting is correct?
> I keep getting:
>
> # nsupdate -g a_update
> update failed: REFUSED
> update failed: REFUSED
> [root@ipadevmstr ~]# cat a_update
> server ipadevmstr.collmedia.net
> zone collmedia.net.
> update add client.collmedia.net. 86400 IN A 192.168.8.120
> send
> update delete client.collmedia.net. IN A
> send
Shouldn't you delete first, add second?
> tail /var/log/messages
> Apr 30 11:52:32 ipadevmstr named[9349]: client 192.168.8.111#26141: query: collmedia.net IN SOA - (192.168.8.111)
> Apr 30 11:52:32 ipadevmstr named[9349]: client 192.168.8.111#37600: query: 692300375.sig-ipadevmstr.collmedia.net ANY TKEY -T (192.168.8.111)
> Apr 30 11:52:32 ipadevmstr named[9349]: client 192.168.8.111#52609: updating zone 'collmedia.net/IN': update failed: rejected by secure update (REFUSED)
> Apr 30 11:52:32 ipadevmstr named[9349]: client 192.168.8.111#26141: query: collmedia.net IN SOA - (192.168.8.111)
> Apr 30 11:52:32 ipadevmstr named[9349]: client 192.168.8.111#40423: query: 718499086.sig-ipadevmstr.collmedia.net ANY TKEY -T (192.168.8.111)
> Apr 30 11:52:32 ipadevmstr named[9349]: client 192.168.8.111#37000: updating zone 'collmedia.net/IN': update failed: rejected by secure update (REFUSED)
Something seems wrong with the Access Control policy ...
Simo.
--
Simo Sorce * Red Hat, Inc * New York
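Added example (not part of the original message, and not FreeIPA or BIND code): a small Python checker for the formatting of update-policy values such as the grant lines quoted above, for instance after copying them out of ldapsearch output. The rule-type list, the two checks and the `example.test` sample values are assumptions constructed for illustration.

```python
import re

# Rule types from the BIND 9 update-policy grammar (assumed list, not exhaustive).
MATCH_TYPES = {"name", "subdomain", "wildcard", "self", "selfsub", "selfwild",
               "krb5-self", "ms-self", "krb5-subdomain", "ms-subdomain",
               "tcp-self", "6to4-self", "zonesub", "external"}

def decode_ddd(token):
    """Undo DNS presentation-format decimal escapes, e.g. backslash-047 -> '/'."""
    return re.sub(r"\\(\d{3})", lambda m: chr(int(m.group(1))), token)

def check_policy(value):
    """Split one policy string into rules; return [(rule, [problems])]."""
    chunks = value.split(";")
    report = []
    for i, chunk in enumerate(chunks):
        rule = chunk.strip()
        if not rule:
            continue
        problems = []
        # Text after the last ';' is a rule that was never terminated.
        if i == len(chunks) - 1:
            problems.append("missing terminating ';'")
        tok = rule.split()
        if tok[0] not in ("grant", "deny"):
            problems.append("rule must start with grant or deny")
        if len(tok) < 3:
            problems.append("expected: grant|deny identity ruletype [name] [types]")
        else:
            # A stray space inside the identity shifts every later field.
            if tok[2] not in MATCH_TYPES:
                problems.append("unknown ruletype %r (whitespace in identity?)" % tok[2])
            identity = decode_ddd(tok[1])
            # This example's check: a service/host principal should carry its realm.
            if "/" in identity and "@" not in identity:
                problems.append("principal %r has no @REALM" % identity)
        report.append((rule, problems))
    return report

# Constructed sample values (not taken from any real zone).
GOOD = r"grant host\047client.example.test@EXAMPLE.TEST wildcard * ANY;"
BAD = (r"grant host\047client.example.test @EXAMPLE.TEST wildcard * ANY; "
       r"grant host\047b.example.test wildcard * ANY")

if __name__ == "__main__":
    for sample in (GOOD, BAD):
        for rule, problems in check_policy(sample):
            print(rule, "->", problems or "ok")
```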