[Freeipa-users] DNS updates from dhcpd refused
Petr Spacek
pspacek at redhat.com
Wed Jan 14 08:35:58 UTC 2015
On 13.1.2015 21:25, Dmitri Pal wrote:
> On 01/13/2015 01:41 PM, Mike wrote:
>> On Tue, 13 Jan 2015, Dmitri Pal wrote:
>>
>>> On 01/13/2015 12:35 PM, Mike wrote:
>>>>
>>>> Just a note to anyone else who may be interested. This may be obvious but
>>>> it wasn't to me at first. The "ipa dnszone-mod ... --update-policy=..."
>>>> command wipes out the existing BIND update policy. So what would seem to
>>>> me to be the correct procedure is to do "ipa dnszone-show --all" first to
>>>> get the existing policy. Then append the new policy to the existing. This
>>>> is what ultimately worked for me (all one line).
>>>>
>>>> ipa dnszone-mod inside.lan --update-policy="grant INSIDE.LAN krb5-self *
>>>> A; grant INSIDE.LAN krb5-self * AAAA; grant INSIDE.LAN krb5-self * SSHFP;
>>>> grant dhcpupdate zonesub A; grant dhcpupdate zonesub TXT; grant dhcpupdate
>>>> zonesub PTR;"
>>>>
>>>>
>>>>
>>>>
>>> Would you mind contributing a howto solution to FreeIPA site?
>>>
>>
>> Wouldn't mind at all however the Howto I used
>> (http://www.freeipa.org/page/Howto/DNS_updates_and_zone_transfers_with_TSIG)
>> is mostly correct, only three errors that I'm aware of. And it is a bit
>> "brief", there are a few things I could add. Should I just follow up off
>> list with updates/changes?
>>
>> -- Mike
>>
> Thanks!
>
> Petr, Martin, what do you think is the best approach, for Mike to just edit the
> page or send corrections off list?
Mike, don't hesitate to update the page directly. After all, it has a history
so we can review it post-edit.
Personally I don't want to set up some heavy-weight review process for the wiki :-)
--
Petr^2 Spacek
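
The read-then-append procedure Mike describes in the quoted message, as an added example that is not part of the original thread or of FreeIPA itself. The helper names `extract_policy` and `merge_policy` are hypothetical, the `dnszone-show` output is a constructed sample, and the script assumes the policy is printed on a single line labelled "BIND update policy:".

```shell
#!/bin/sh
# Merge new BIND update-policy grants into the existing policy, so that
# `ipa dnszone-mod --update-policy=...` does not drop the krb5-self rules.

# Read `ipa dnszone-show ZONE --all` output on stdin and print the policy.
# Assumption: the policy sits on one line labelled "BIND update policy:".
extract_policy() {
    sed -n 's/^[[:space:]]*BIND update policy:[[:space:]]*//p'
}

# merge_policy EXISTING NEW
# Prints one combined policy string: existing rules first, whitespace
# normalized, exact duplicate rules dropped, every rule ending in ";".
merge_policy() {
    printf '%s;%s' "$1" "$2" | tr '\n' ' ' | tr ';' '\n' | awk '
        { gsub(/[ \t]+/, " "); sub(/^ /, ""); sub(/ $/, "") }
        $0 == "" { next }
        !seen[$0]++ { out = out (out == "" ? "" : " ") $0 ";" }
        END { print out }'
}

# Constructed sample of dnszone-show output (not captured from a real server).
sample_show='  Zone name: inside.lan.
  BIND update policy: grant INSIDE.LAN krb5-self * A; grant INSIDE.LAN krb5-self * AAAA; grant INSIDE.LAN krb5-self * SSHFP;'

# Grants for the dhcpd TSIG key, taken from the command in the thread.
new_grants='grant dhcpupdate zonesub A; grant dhcpupdate zonesub TXT; grant dhcpupdate zonesub PTR;'

current=$(printf '%s\n' "$sample_show" | extract_policy)
merged=$(merge_policy "$current" "$new_grants")
printf '%s\n' "$merged"

# On a real IPA server (not run here):
#   current=$(ipa dnszone-show inside.lan --all | extract_policy)
#   ipa dnszone-mod inside.lan \
#       --update-policy="$(merge_policy "$current" "$new_grants")"
```

Running `ipa dnszone-show inside.lan --all` again after the change and comparing the policy against the merged string confirms that no existing grant was lost.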