[Freeipa-users] TTL in individual DNS records

Stephen Ingram sbingram at gmail.com
Mon Oct 21 15:58:01 UTC 2013


On Sun, Oct 20, 2013 at 11:44 PM, Petr Spacek <pspacek at redhat.com> wrote:

> On 18.10.2013 21:44, Stephen Ingram wrote:
>
>> I'm using IPA 3.0.x on RHEL 6.4 and trying to set up other zones in DNS. I
>> notice that regardless of the TTL set in the SOA for the zone, the
>> individual records default to 86400. I see there has been previous
>> discussion on the list
>> (https://www.redhat.com/archives/freeipa-users/2012-November/msg00158.html)
>> saying that the 86400 value is hard-coded into bind-dyndb-ldap. It appears
>> as though it might be rectified sometime in the 3.3.x series, however, I'm
>> wondering if there is a workaround for now. Is there a way to just delete
>> this value such that the individual records will default to the value in
>> the SOA until a real fix comes along?
>>
>
> For now, the only workaround is to set TTL explicitly for all affected DNS
> names. Sorry!
>
> $ ipa dnsrecord-mod --help | grep ttl
>   --ttl=INT             Time to live
>
> The most important thing is that SOA TTL is not related to default record
> TTL by definition.
>
> Some details are described here:
> https://www.redhat.com/archives/freeipa-users/2012-November/msg00160.html


Am I reading this correctly then that you have to set for each *record* vs
the *zone*? If so, this makes the DNS part of IPA almost unusable except to
those willing to stick with the default 86400 or write a script to handle
each record in the zone. I've been following the list for some time, but
haven't heard much about usage of the DNS component. And, among the users I
speak with, no one uses the DNS component. Perhaps this is the reason why? I
haven't looked at the code yet, but would this be that difficult to fix? I
would love to get this working as I think IPA would be great for DNS,
especially with distributed management through the UI.

Steve
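
The per-name workaround discussed in this message, as an added example that is not part of the original post or of FreeIPA: a dry-run generator that turns `ipa dnsrecord-find ZONE --pkey-only` output into one `ipa dnsrecord-mod ... --ttl=INT` command per name. The `Record name:` output format, the zone `example.test`, and the function names are assumptions made for illustration.

```shell
# Added example: dry-run generator for the per-name TTL workaround.
# Reads `ipa dnsrecord-find ZONE --pkey-only` output on stdin and prints
# one `ipa dnsrecord-mod` command per record name. Nothing is executed.
ttl_commands() {
    local zone=$1 ttl=$2 line name
    # The CLI takes --ttl=INT, so accept only a plain non-negative integer.
    case $ttl in
        ''|*[!0-9]*) echo "invalid TTL: $ttl" >&2; return 2 ;;
    esac
    # The zone ends up in a command line too; keep it to DNS-name characters.
    case $zone in
        ''|*[!A-Za-z0-9._-]*) echo "invalid zone: $zone" >&2; return 2 ;;
    esac
    while IFS= read -r line; do
        # Only "Record name: X" lines matter; skip separators and the summary.
        case $line in
            *"Record name: "*) name=${line#*Record name: } ;;
            *) continue ;;
        esac
        # Skip names outside a conservative character set, so nothing
        # unexpected lands in a command that will later be run.
        case $name in
            ''|*[!A-Za-z0-9@._*-]*)
                echo "skipping unexpected name: $name" >&2
                continue ;;
        esac
        printf 'ipa dnsrecord-mod %s %s --ttl=%s\n' "$zone" "$name" "$ttl"
    done
}

# Constructed sample of the find output (assumed format), for an offline run.
sample_find_output() {
    cat <<'EOF'
  Record name: @
  Record name: www
  Record name: _ldap._tcp
----------------------------
Number of entries returned 3
----------------------------
EOF
}

# Dry run against the sample. On a live server, feed it instead from:
#   ipa dnsrecord-find example.test --pkey-only --sizelimit=0
sample_find_output | ttl_commands example.test 3600
```

Review the printed commands before running them; names added to the zone later still need their TTL set the same way.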