[Freeipa-users] Dns SOA MNAME not resolving from LDAP data
Martin Basti
mbasti at redhat.com
Thu Aug 20 12:32:00 UTC 2015
On 08/20/2015 02:22 PM, Martin Basti wrote:
>
>
> On 08/20/2015 01:48 PM, David Dejaeghere wrote:
>> Hi,
>>
>> I noticed that changing the authoritative nameserver in FreeIPA
>> reflects correctly to its directory data but bind will not resolve
>> the soa record with the updated mname details.
>>
>> For example I add a zone test.be and change the mname record.
>>
>> [root@ns02 ~]# ipa dnszone-add
>> Zone name: test.be
>> Zone name: test.be.
>> Active zone: TRUE
>> *Authoritative nameserver: ns02.tokiogroup.be.*
>> Administrator e-mail address: hostmaster
>> SOA serial: 1440070999
>> SOA refresh: 3600
>> SOA retry: 900
>> SOA expire: 1209600
>> SOA minimum: 3600
>> BIND update policy: grant TOKIOGROUP.BE krb5-self * A; grant TOKIOGROUP.BE
>> krb5-self * AAAA; grant TOKIOGROUP.BE krb5-self * SSHFP;
>> Dynamic update: FALSE
>> Allow query: any;
>> Allow transfer: none;
>> [root@ns02 ~]# ipa dnszone-mod --nameserver
>> anaconda-ks.cfg .bash_logout .bashrc .ipa/ .ssh/
>> .bash_history .bash_profile .cshrc .pki/ .tcshrc
>>
>>
>> [root@ns02 ~]# ipa dnszone-mod --name-server *ns7.tokiogroup.be*.
>> Zone name: test.be
>> ipa: WARNING: Semantic of setting Authoritative nameserver was
>> changed. It is used only for setting the SOA MNAME attribute.
>> NS record(s) can be edited in zone apex - '@'.
>> Zone name: test.be.
>> Active zone: TRUE
>> *Authoritative nameserver: ns7.tokiogroup.be.*
>> Administrator e-mail address: hostmaster
>> SOA serial: 1440071001
>> SOA refresh: 3600
>> SOA retry: 900
>> SOA expire: 1209600
>> SOA minimum: 3600
>> Allow query: any;
>> Allow transfer: none;
>>
>>
>> [root@ns02 ~]# nslookup
>> > set q=SOA
>> > test.be
>> Server: 127.0.0.1
>> Address: 127.0.0.1#53
>>
>> test.be
>> *origin = ns02.tokiogroup.be*
>> mail addr = hostmaster.test.be
>> serial = 1440071001
>> refresh = 3600
>> retry = 900
>> expire = 1209600
>> minimum = 3600
>>
>> As you can see the SOA record still shows the original default value.
>>
>> Kind Regards,
>>
>> David Dejaeghere
>>
>>
>
> Thank you for this bug report.
> I opened bind-dyndb-ldap ticket
> https://fedorahosted.org/bind-dyndb-ldap/ticket/159
>
> Martin
>
>
I may have found why you have this issue:
do you have fake_mname configured in the bind_dyndb_ldap section of named.conf?
If yes, remove this option to use the SOA MNAME from LDAP.
Martin
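The check Martin suggests (is a fake_mname override present in named.conf, and does it explain the served SOA MNAME?) can be scripted. The following is an added example, not code from the thread or from the FreeIPA or bind-dyndb-ldap projects. It assumes the `dynamic-db "ipa" { ... arg "fake_mname ..."; }` named.conf syntax that bind-dyndb-ldap of that era used (it also accepts a bare `fake_mname "...";` line), and all host, zone and socket names in the embedded sample are constructed placeholders.

```shell
#!/bin/sh
# Added example: detect a bind-dyndb-ldap fake_mname override and compare the
# MNAME that BIND serves with the idnsSOAmName value stored in LDAP.

# Constructed named.conf fragment (placeholder names, not a real deployment).
SAMPLE_NAMED_CONF='options {
    directory "/var/named";
};
dynamic-db "ipa" {
    library "ldap.so";
    arg "uri ldapi://%2fvar%2frun%2fslapd-EXAMPLE-TEST.socket";
    arg "base cn=dns,dc=example,dc=test";
    arg "fake_mname ns02.example.test.";
    arg "serial_autoincrement yes";
};'

# Read named.conf text on stdin and print the configured fake_mname value,
# or nothing if the option is absent. Lines commented out with // or # are
# ignored. Handles both `arg "fake_mname X";` and `fake_mname "X";` forms.
find_fake_mname() {
    sed -n -E '/^[[:space:]]*(\/\/|#)/d; s/.*fake_mname[[:space:]]+"?([^";[:space:]]+)"?.*/\1/p'
}

# Arguments: <served MNAME> <LDAP idnsSOAmName> <fake_mname or empty>.
# Case and the trailing dot are ignored. Prints exactly one verdict:
#   match               BIND serves what LDAP holds
#   fake_mname-override BIND serves the fake_mname value instead of LDAP
#   mismatch            served value explained by neither (worth a bug report)
diagnose_mname() {
    served=$(printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//')
    ldap=$(printf '%s' "$2" | tr 'A-Z' 'a-z' | sed 's/\.$//')
    fake=$(printf '%s' "$3" | tr 'A-Z' 'a-z' | sed 's/\.$//')
    if [ "$served" = "$ldap" ]; then
        echo match
    elif [ -n "$fake" ] && [ "$served" = "$fake" ]; then
        echo fake_mname-override
    else
        echo mismatch
    fi
}

# Demo run on the constructed inputs. On a live server the first two values
# would come from `dig +short SOA <zone>. @127.0.0.1 | awk '{print $1}'`
# and from the idnsSOAmName attribute shown by `ipa dnszone-show <zone> --raw`.
fake=$(printf '%s\n' "$SAMPLE_NAMED_CONF" | find_fake_mname)
echo "fake_mname in named.conf: ${fake:-<none>}"
echo "verdict: $(diagnose_mname ns02.example.test. ns7.example.test. "$fake")"
```

When the verdict is `fake_mname-override`, the fix is the one in the reply above: drop the option so the SOA MNAME comes from LDAP. A `mismatch` with no fake_mname set means the override is not the explanation and the zone data should be looked at directly.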