[Freeipa-users] Dns SOA MNAME not resolving from LDAP data
David Dejaeghere
david.dejaeghere at gmail.com
Thu Aug 20 11:48:53 UTC 2015
Hi,
I noticed that changing the authoritative nameserver in FreeIPA reflects
correctly to its directory data but bind will not resolve the soa record
with the updated mname details.
For example I add a zone test.be and change the mname record.
[root@ns02 ~]# ipa dnszone-add
Zone name: test.be
Zone name: test.be.
Active zone: TRUE
Authoritative nameserver: ns02.tokiogroup.be.
Administrator e-mail address: hostmaster
SOA serial: 1440070999
SOA refresh: 3600
SOA retry: 900
SOA expire: 1209600
SOA minimum: 3600
BIND update policy: grant TOKIOGROUP.BE krb5-self * A; grant TOKIOGROUP.BE krb5-self * AAAA; grant TOKIOGROUP.BE krb5-self * SSHFP;
Dynamic update: FALSE
Allow query: any;
Allow transfer: none;
[root@ns02 ~]# ipa dnszone-mod --nameserver
anaconda-ks.cfg .bash_logout .bashrc .ipa/ .ssh/
.bash_history .bash_profile .cshrc .pki/ .tcshrc
[root@ns02 ~]# ipa dnszone-mod --name-server ns7.tokiogroup.be.
Zone name: test.be
ipa: WARNING: Semantic of setting Authoritative nameserver was changed. It
is used only for setting the SOA MNAME attribute.
NS record(s) can be edited in zone apex - '@'.
Zone name: test.be.
Active zone: TRUE
Authoritative nameserver: ns7.tokiogroup.be.
Administrator e-mail address: hostmaster
SOA serial: 1440071001
SOA refresh: 3600
SOA retry: 900
SOA expire: 1209600
SOA minimum: 3600
Allow query: any;
Allow transfer: none;
[root@ns02 ~]# nslookup
> set q=SOA
> test.be
Server: 127.0.0.1
Address: 127.0.0.1#53
test.be
origin = ns02.tokiogroup.be
mail addr = hostmaster.test.be
serial = 1440071001
refresh = 3600
retry = 900
expire = 1209600
minimum = 3600
As you can see, the SOA record still shows the original default value.
Kind Regards,
David Dejaeghere
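
Added example, not part of the original message: a small check that compares the SOA fields printed by `ipa dnszone-mod` with the ones `nslookup` returns and reports any that differ. The sample text is constructed from the output quoted above; `FIELD_MAP`, `parse_pairs`, `norm` and `soa_drift` are hypothetical names.

```python
# Constructed sample text, modelled on the two outputs quoted in the message.
IPA_OUTPUT = """\
  Authoritative nameserver: ns7.tokiogroup.be.
  SOA serial: 1440071001
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
"""
NSLOOKUP_OUTPUT = """\
test.be
    origin = ns02.tokiogroup.be
    mail addr = hostmaster.test.be
    serial = 1440071001
    refresh = 3600
    retry = 900
    expire = 1209600
    minimum = 3600
"""

# Hypothetical mapping: `ipa` label -> `nslookup` label. The administrator
# e-mail is left out because ipa may print it relative to the zone.
FIELD_MAP = {"Authoritative nameserver": "origin"}
FIELD_MAP.update({f"SOA {k}": k
                  for k in ("serial", "refresh", "retry", "expire", "minimum")})

def parse_pairs(text, sep):
    """Return {label: value} for each 'label <sep> value' line in text."""
    pairs = {}
    for line in text.splitlines():
        label, found, value = line.partition(sep)
        if found and value.strip():
            pairs[label.strip()] = value.strip()
    return pairs

def norm(value):
    """Ignore case and the trailing root dot when comparing values."""
    return value.rstrip(".").lower()

def soa_drift(ipa_text, nslookup_text):
    """List (field, directory_value, served_value) for each mismatch;
    a field missing on either side is reported as a mismatch too."""
    stored = parse_pairs(ipa_text, ":")
    served = parse_pairs(nslookup_text, "=")
    drift = []
    for ipa_label, dns_label in FIELD_MAP.items():
        a, b = stored.get(ipa_label), served.get(dns_label)
        if a is None or b is None or norm(a) != norm(b):
            drift.append((dns_label, a, b))
    return drift
```

On the sample text the only field reported is `origin`; the serial returned by the resolver already matches the modified zone.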