[Freeipa-users] Force IPA client Reverse Zone Dynamic Updates
Sina Owolabi
notify.sina at gmail.com
Mon Jul 13 17:58:15 UTC 2015
Hi Martin
Yes all my sssd configs are set ipa_dyndns_update = True
I didn't have --allow-sync-ptr=TRUE in all the forward zones so I set them.
I've tried to set it in the very first zone (setup during
installation) but dnszone-mod complains:
# ipa dnszone-mod mydom.com --allow-sync-ptr=TRUE --dynamic-update=TRUE
ipa: ERROR: no modifications to be performed
But I don't see it in the show command:
ipa dnszone-show mydom.com
Zone name: mydom.com.
Active zone: TRUE
Authoritative nameserver: services.mydom.com.
Administrator e-mail address: hostmaster.mydom.com.
SOA serial: 1436799166
SOA refresh: 3600
SOA retry: 900
SOA expire: 1209600
SOA minimum: 3600
Allow query: any;
Allow transfer: none;
On Mon, Jul 13, 2015 at 11:20 AM, Martin Basti <mbasti at redhat.com> wrote:
> On 12/07/15 10:05, Sina Owolabi wrote:
>>
>> Hi
>>
>> I have several dns zones defined in IPA. I noticed recently that the
>> zone files are empty. I find this odd because I created them like the
>> example below.
>> Is it possible to force clients to auto-update reverse zones?
>>
>> Thanks in advance!
>>
>> How I created all the zones:
>>
>> ipa dnszone-add 0.14.10.in-addr.arpa. --minimum=3000
>> --allow-sync-ptr=TRUE --dynamic-update
>> Zone name: 0.14.10.in-addr.arpa.
>> Active zone: TRUE
>> Authoritative nameserver: services.ourdomain.com.
>> Administrator e-mail address: hostmaster
>> SOA serial: 1436688202
>> SOA refresh: 3600
>> SOA retry: 900
>> SOA expire: 1209600
>> SOA minimum: 3000
>> BIND update policy: grant QRIOS.COM krb5-subdomain
>> 0.14.10.in-addr.arpa. PTR;
>> Dynamic update: TRUE
>> Allow query: any;
>> Allow transfer: none;
>> Allow PTR sync: TRUE
>>
> Hello,
>
> do you have --allow-sync-ptr=True configured in zones where the particular
> A/AAAA records are?
>
> SSSD is able to update records.
> Please check if "dyndns_update" is set to true in sssd.conf. (man sssd-ipa)
>
> --
> Martin Basti
>
More information about the Freeipa-users
mailing list