[Freeipa-users] DNS updates from dhcpd refused
Mike
maillists at microdel.org
Tue Jan 13 18:41:50 UTC 2015
On Tue, 13 Jan 2015, Dmitri Pal wrote:
> On 01/13/2015 12:35 PM, Mike wrote:
>>
>> Just a note to anyone else who may be interested. This may be obvious but
>> it wasn't to me at first. The "ipa dnszone-mod ... --update-policy=..."
>> command wipes out the existing BIND update policy. So what would seem to
>> me to be the correct procedure is to do "ipa dnszone-show --all" first to
>> get the existing policy. Then append the new policy to the existing. This
>> is what ultimately worked for me (all one line).
>>
>> ipa dnszone-mod inside.lan --update-policy="grant INSIDE.LAN krb5-self *
>> A; grant INSIDE.LAN krb5-self * AAAA; grant INSIDE.LAN krb5-self * SSHFP;
>> grant dhcpupdate zonesub A; grant dhcpupdate zonesub TXT; grant dhcpupdate
>> zonesub PTR;"
>>
> Would you mind contributing a howto solution to FreeIPA site?
>
Wouldn't mind at all; however, the Howto I used
(http://www.freeipa.org/page/Howto/DNS_updates_and_zone_transfers_with_TSIG)
is mostly correct, with only three errors that I'm aware of. And it is a bit
"brief"; there are a few things I could add. Should I just follow up off
list with updates/changes?
-- Mike
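
The show-then-append procedure described in the message above, written out as shell functions. This is an added example, not code from the original post or from the FreeIPA project. It assumes the `ipa dnszone-show ZONE --all` output carries the policy on one line labelled `BIND update policy:`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: append grants to a zone's BIND update policy without
# losing the grants that are already there.

# Read `ipa dnszone-show ZONE --all` output on stdin and print the policy.
# Assumption: the field is on one line labelled "BIND update policy:".
extract_policy() {
    sed -n 's/^[[:space:]]*BIND update policy:[[:space:]]*//p'
}

# merge_policy EXISTING NEW
# Prints EXISTING followed by NEW as "stmt; stmt; ...;" with whitespace
# normalised, empty statements dropped and duplicate grants removed.
merge_policy() {
    printf '%s;%s' "$1" "$2" |
        tr '\n' ' ' |          # tolerate a policy pasted across several lines
        tr ';' '\n' |          # one statement per line
        awk '{ $1 = $1 }       # trim and collapse runs of whitespace
             $0 != "" && !seen[$0]++ {
                 out = (out == "" ? "" : out " ") $0 ";"
             }
             END { print out }'
}

# append_update_policy ZONE "grant ...; grant ...;"
# Fetches the current policy, merges the new grants in, writes it back.
append_update_policy() {
    zone=$1
    current=$(ipa dnszone-show "$zone" --all | extract_policy)
    ipa dnszone-mod "$zone" \
        --update-policy="$(merge_policy "$current" "$2")"
}

# Usage, with the grants from the message:
#   append_update_policy inside.lan \
#     "grant dhcpupdate zonesub A; grant dhcpupdate zonesub TXT; grant dhcpupdate zonesub PTR;"
```

Run `ipa dnszone-show inside.lan --all` again afterwards to confirm the krb5-self grants are still present alongside the new ones.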