[Freeipa-users] Dns SOA MNAME not resolving from LDAP data
Martin Basti
mbasti at redhat.com
Thu Aug 20 12:22:49 UTC 2015
On 08/20/2015 01:48 PM, David Dejaeghere wrote:
> Hi,
>
> I noticed that changing the authoritative nameserver in FreeIPA
> reflects correctly to its directory data but bind will not resolve the
> soa record with the updated mname details.
>
> For example I add a zone test.be and change the mname
> record.
>
> [root@ns02 ~]# ipa dnszone-add
> Zone name: test.be
> Zone name: test.be.
> Active zone: TRUE
> *Authoritative nameserver: ns02.tokiogroup.be.*
> Administrator e-mail address: hostmaster
> SOA serial: 1440070999
> SOA refresh: 3600
> SOA retry: 900
> SOA expire: 1209600
> SOA minimum: 3600
> BIND update policy: grant TOKIOGROUP.BE krb5-self * A;
> grant TOKIOGROUP.BE krb5-self * AAAA;
> grant TOKIOGROUP.BE krb5-self * SSHFP;
> Dynamic update: FALSE
> Allow query: any;
> Allow transfer: none;
> [root@ns02 ~]# ipa dnszone-mod --nameserver
> anaconda-ks.cfg .bash_logout .bashrc .ipa/ .ssh/
> .bash_history .bash_profile .cshrc .pki/ .tcshrc
>
>
> [root@ns02 ~]# ipa dnszone-mod --name-server *ns7.tokiogroup.be*.
> Zone name: test.be
> ipa: WARNING: Semantic of setting Authoritative nameserver was
> changed. It is used only for setting the SOA MNAME attribute.
> NS record(s) can be edited in zone apex - '@'.
> Zone name: test.be.
> Active zone: TRUE
> *Authoritative nameserver: ns7.tokiogroup.be.*
> Administrator e-mail address: hostmaster
> SOA serial: 1440071001
> SOA refresh: 3600
> SOA retry: 900
> SOA expire: 1209600
> SOA minimum: 3600
> Allow query: any;
> Allow transfer: none;
>
>
> [root@ns02 ~]# nslookup
> > set q=SOA
> > test.be
> Server: 127.0.0.1
> Address: 127.0.0.1#53
>
> test.be
> *origin = ns02.tokiogroup.be*
> mail addr = hostmaster.test.be
> serial = 1440071001
> refresh = 3600
> retry = 900
> expire = 1209600
> minimum = 3600
>
> As you can see the SOA record still shows the original default value.
>
> Kind Regards,
>
> David Dejaeghere
>
>
Thank you for this bug report.
I opened bind-dyndb-ldap ticket
https://fedorahosted.org/bind-dyndb-ldap/ticket/159
Martin
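
A check for the mismatch reported in this thread, as an added example that is not part of either message and not FreeIPA or bind-dyndb-ldap code: it parses `ipa dnszone-mod`-style output and an `nslookup` SOA answer and reports where the served SOA disagrees with the directory. The function names are hypothetical and the sample text is constructed from the outputs quoted above.

```python
import re

# Constructed samples, taken from the outputs quoted in the message above.
IPA_ZONE_OUTPUT = """\
  Zone name: test.be.
  Active zone: TRUE
  Authoritative nameserver: ns7.tokiogroup.be.
  Administrator e-mail address: hostmaster
  SOA serial: 1440071001
"""
NSLOOKUP_OUTPUT = """\
test.be
    origin = ns02.tokiogroup.be
    mail addr = hostmaster.test.be
    serial = 1440071001
"""

def norm(name):
    """DNS names compare case-insensitively; ignore the trailing root dot."""
    return name.strip().rstrip(".").lower()

def parse_ipa_zone(text):
    """Return (mname, serial) from 'Label: value' lines printed by the ipa CLI."""
    fields = dict(re.findall(r"^\s*([^:\n]+):\s*(.+)$", text, re.M))
    return norm(fields["Authoritative nameserver"]), int(fields["SOA serial"])

def parse_nslookup_soa(text):
    """Return (mname, serial) from 'key = value' lines of an nslookup SOA answer."""
    fields = dict(re.findall(r"^\s*([a-z ]+?)\s*=\s*(.+)$", text, re.M))
    return norm(fields["origin"]), int(fields["serial"])

def soa_drift(ipa_text, dns_text):
    """List the SOA fields where the served record differs from the directory."""
    ldap_mname, ldap_serial = parse_ipa_zone(ipa_text)
    dns_mname, dns_serial = parse_nslookup_soa(dns_text)
    findings = []
    if ldap_mname != dns_mname:
        findings.append(f"MNAME mismatch: directory={ldap_mname} served={dns_mname}")
    if ldap_serial != dns_serial:
        findings.append(f"serial mismatch: directory={ldap_serial} served={dns_serial}")
    return findings

if __name__ == "__main__":
    for line in soa_drift(IPA_ZONE_OUTPUT, NSLOOKUP_OUTPUT) or ["SOA in sync"]:
        print(line)
```

On the thread's data this reports only the MNAME mismatch; the serial is the same on both sides.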