[Freeipa-users] Dns SOA MNAME not resolving from LDAP data

Martin Basti mbasti at redhat.com
Thu Aug 20 12:22:49 UTC 2015



On 08/20/2015 01:48 PM, David Dejaeghere wrote:
> Hi,
>
> I noticed that changing the authoritative nameserver in FreeIPA 
> reflects correctly to its directory data but bind will not resolve the 
> SOA record with the updated mname details.
>
> For example I add a zone test.be and change the mname 
> record.
>
> [root at ns02 ~]# ipa dnszone-add
> Zone name: test.be
>   Zone name: test.be.
>   Active zone: TRUE
> *  Authoritative nameserver: ns02.tokiogroup.be.*
>   Administrator e-mail address: hostmaster
>   SOA serial: 1440070999
>   SOA refresh: 3600
>   SOA retry: 900
>   SOA expire: 1209600
>   SOA minimum: 3600
>   BIND update policy: grant TOKIOGROUP.BE krb5-self * A; grant TOKIOGROUP.BE krb5-self * AAAA; grant TOKIOGROUP.BE krb5-self * SSHFP;
>   Dynamic update: FALSE
>   Allow query: any;
>   Allow transfer: none;
> [root at ns02 ~]# ipa dnszone-mod --nameserver
> anaconda-ks.cfg  .bash_logout     .bashrc .ipa/            .ssh/
> .bash_history    .bash_profile    .cshrc .pki/            .tcshrc
>
>
> [root at ns02 ~]# ipa dnszone-mod --name-server *ns7.tokiogroup.be.*
> Zone name: test.be
> ipa: WARNING: Semantic of setting Authoritative nameserver was 
> changed. It is used only for setting the SOA MNAME attribute.
> NS record(s) can be edited in zone apex - '@'.
>   Zone name: test.be.
>   Active zone: TRUE
> *Authoritative nameserver: ns7.tokiogroup.be.*
>   Administrator e-mail address: hostmaster
>   SOA serial: 1440071001
>   SOA refresh: 3600
>   SOA retry: 900
>   SOA expire: 1209600
>   SOA minimum: 3600
>   Allow query: any;
>   Allow transfer: none;
>
>
> [root at ns02 ~]# nslookup
> > set q=SOA
> > test.be
> Server:         127.0.0.1
> Address:        127.0.0.1#53
>
> test.be
> *origin = ns02.tokiogroup.be*
>         mail addr = hostmaster.test.be
>         serial = 1440071001
>         refresh = 3600
>         retry = 900
>         expire = 1209600
>         minimum = 3600
>
> As you can see the SOA record still shows the original default value.
>
> Kind Regards,
>
> David Dejaeghere
>
>

Thank you for this bug report.
I opened bind-dyndb-ldap ticket 
https://fedorahosted.org/bind-dyndb-ldap/ticket/159

Martin
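A small drift check for the mismatch described in this thread, added here as an example and not part of the original mailing-list exchange: it parses the "Authoritative nameserver" line from `ipa dnszone-show` output (what LDAP holds) and the "origin =" line from `nslookup -type=SOA` output (what BIND actually serves), normalises both names, and reports when they differ. The two sample outputs are constructed from the values in the thread; running the commands and feeding their real output is assumed to happen out of band.

```python
import re

# Constructed sample: `ipa dnszone-show test.be` after the --name-server change
# (values mirror the thread; the command itself is not run here).
IPA_ZONE_OUTPUT = """\
  Zone name: test.be.
  Active zone: TRUE
  Authoritative nameserver: ns7.tokiogroup.be.
  Administrator e-mail address: hostmaster
  SOA serial: 1440071001
"""

# Constructed sample: `nslookup -type=SOA test.be 127.0.0.1` while BIND
# (via bind-dyndb-ldap) was still serving the stale MNAME.
NSLOOKUP_OUTPUT = """\
Server:         127.0.0.1
Address:        127.0.0.1#53

test.be
        origin = ns02.tokiogroup.be
        mail addr = hostmaster.test.be
        serial = 1440071001
        refresh = 3600
"""

def normalize_name(name: str) -> str:
    """DNS names compare case-insensitively; the trailing dot is not significant."""
    return name.strip().rstrip(".").lower()

def ipa_soa_mname(text: str) -> str:
    """MNAME as stored in LDAP, taken from the ipa dnszone-show listing."""
    m = re.search(r"^\s*Authoritative nameserver:\s*(\S+)", text, re.M)
    if not m:
        raise ValueError("no 'Authoritative nameserver' line in ipa output")
    return normalize_name(m.group(1))

def served_soa_mname(text: str) -> str:
    """MNAME as BIND answers it, taken from the nslookup SOA listing."""
    m = re.search(r"^\s*origin\s*=\s*(\S+)", text, re.M)
    if not m:
        raise ValueError("no 'origin =' line in nslookup output")
    return normalize_name(m.group(1))

def mname_mismatch(ipa_text: str, dns_text: str):
    """Return (expected, served) when LDAP and BIND disagree, else None."""
    expected, served = ipa_soa_mname(ipa_text), served_soa_mname(dns_text)
    return None if expected == served else (expected, served)

if __name__ == "__main__":
    drift = mname_mismatch(IPA_ZONE_OUTPUT, NSLOOKUP_OUTPUT)
    print(f"SOA MNAME drift: LDAP {drift[0]}, BIND {drift[1]}" if drift else "consistent")
```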