[Freeipa-users] DNS updates from dhcpd refused
Mike
maillists at microdel.org
Tue Jan 13 17:35:43 UTC 2015
Just a note to anyone else who may be interested. This may be obvious but
it wasn't to me at first. The "ipa dnszone-mod ... --update-policy=..."
command wipes out the existing BIND update policy. So what would seem to
me to be the correct procedure is to do "ipa dnszone-show --all" first to
get the existing policy. Then append the new policy to the existing.
This is what ultimately worked for me (all one line).
ipa dnszone-mod inside.lan --update-policy="grant INSIDE.LAN krb5-self * A; grant INSIDE.LAN krb5-self * AAAA; grant INSIDE.LAN krb5-self * SSHFP; grant dhcpupdate zonesub A; grant dhcpupdate zonesub TXT; grant dhcpupdate zonesub PTR;"
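The show-then-append procedure from the post above, as an added example that is not part of the original message: it merges the zone's current grants with the new ones so the krb5-self rules survive and nothing is granted twice. The function names and the sample output are constructed here, and the "BIND update policy:" label with the whole policy on one line is an assumption about what "ipa dnszone-show --all" prints.

```shell
#!/bin/sh
# Added example: build the full --update-policy value without dropping the
# grants already on the zone. All function names here are hypothetical.

# Read `ipa dnszone-show ZONE --all` output on stdin, print the policy value.
# Assumption: the field is labelled "BIND update policy:" and fits on one line.
extract_policy() {
    sed -n 's/^[[:space:]]*BIND update policy:[[:space:]]*//p'
}

# merge_update_policy EXISTING NEW
# Prints EXISTING followed by each rule of NEW that is not already present.
# Rules are normalised (whitespace collapsed) and each ends with ';'.
merge_update_policy() {
    printf '%s;%s' "$1" "$2" |
    tr '\n' ' ' |          # tolerate values that were wrapped across lines
    tr ';' '\n' |          # one rule per line
    awk '
        {
            gsub(/[ \t]+/, " ")
            sub(/^ /, ""); sub(/ $/, "")
            if ($0 == "" || seen[$0]++) next   # skip blanks and duplicates
            out = out (out == "" ? "" : " ") $0 ";"
        }
        END { print out }
    '
}

# Constructed sample standing in for: ipa dnszone-show inside.lan --all
sample_show_output='  Zone name: inside.lan.
  BIND update policy: grant INSIDE.LAN krb5-self * A; grant INSIDE.LAN krb5-self * AAAA; grant INSIDE.LAN krb5-self * SSHFP;
  Dynamic update: TRUE'

# The DHCP grants from the post.
new_rules='grant dhcpupdate zonesub A; grant dhcpupdate zonesub TXT; grant dhcpupdate zonesub PTR;'

build_policy() {
    existing=$(printf '%s\n' "$sample_show_output" | extract_policy)
    merge_update_policy "$existing" "$new_rules"
}

# Review the merged value before applying it on a real server with:
#   ipa dnszone-mod inside.lan --update-policy="$(build_policy)"
printf 'merged policy: %s\n' "$(build_policy)"
```

Running the merge a second time with the same new rules returns the same string, so the script can be re-run without the policy growing.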