[Freeipa-users] DNS updates from dhcpd refused
Dmitri Pal
dpal at redhat.com
Tue Jan 13 20:25:40 UTC 2015
On 01/13/2015 01:41 PM, Mike wrote:
> On Tue, 13 Jan 2015, Dmitri Pal wrote:
>
>> On 01/13/2015 12:35 PM, Mike wrote:
>>>
>>> Just a note to anyone else who may be interested. This may be obvious but
>>> it wasn't to me at first. The "ipa dnszone-mod ... --update-policy=..."
>>> command wipes out the existing BIND update policy. So what would seem to
>>> me to be the correct procedure is to do "ipa dnszone-show --all" first to
>>> get the existing policy. Then append the new policy to the existing. This
>>> is what ultimately worked for me (all one line).
>>>
>>> ipa dnszone-mod inside.lan --update-policy="grant INSIDE.LAN krb5-self * A; grant INSIDE.LAN krb5-self * AAAA; grant INSIDE.LAN krb5-self * SSHFP; grant dhcpupdate zonesub A; grant dhcpupdate zonesub TXT; grant dhcpupdate zonesub PTR;"
>>>
>>>
>>>
>>>
>> Would you mind contributing a howto solution to FreeIPA site?
>>
>
> Wouldn't mind at all however the Howto I used
> (http://www.freeipa.org/page/Howto/DNS_updates_and_zone_transfers_with_TSIG)
> is mostly correct, only three errors that I'm aware of. And it is a
> bit "brief", there are a few things I could add. Should I just follow
> up off list with updates/changes?
>
> -- Mike
>
Thanks!
Petr, Martin, what do you think is the best approach: for Mike to just edit
the page or to send corrections off list?
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
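
The show-then-append procedure Mike describes above, as an added example that is not part of the original thread or of FreeIPA itself. The function names `merge_policy` and `dnszone_mod_command` are hypothetical, and the existing policy is passed in as a string (constructed sample input) rather than parsed from `ipa dnszone-show` output.

```shell
#!/bin/sh
# Added example (not from the thread): build a merged BIND update policy so
# that "ipa dnszone-mod --update-policy" keeps the rules already on the zone.

# merge_policy EXISTING NEW
# Splits both policy strings on ';', trims and collapses whitespace, drops
# empty entries and exact duplicates, and prints one ';'-terminated line.
merge_policy() {
    printf '%s;%s' "$1" "$2" | tr '\n' ' ' | awk 'BEGIN { RS = ";" }
    {
        gsub(/[ \t]+/, " "); sub(/^ /, ""); sub(/ $/, "")
        if ($0 != "" && !seen[$0]++) out = out $0 "; "
    }
    END { sub(/ $/, "", out); print out }'
}

# dnszone_mod_command ZONE POLICY
# Prints the command for review instead of running it.
dnszone_mod_command() {
    printf 'ipa dnszone-mod %s --update-policy="%s"\n' "$1" "$2"
}

# Constructed sample input: the krb5-self rules stand in for what
# "ipa dnszone-show inside.lan --all" reported as the existing policy.
EXISTING='grant INSIDE.LAN krb5-self * A; grant INSIDE.LAN krb5-self * AAAA;
grant INSIDE.LAN krb5-self * SSHFP;'
NEW='grant dhcpupdate zonesub A; grant dhcpupdate zonesub TXT; grant dhcpupdate zonesub PTR;'

MERGED=$(merge_policy "$EXISTING" "$NEW")
dnszone_mod_command inside.lan "$MERGED"
```

Because duplicates are dropped, re-running the merge with the same grants leaves the policy unchanged, so the printed command can be reviewed and applied repeatedly without growing the rule list.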