[Freeipa-users] Force IPA client Reverse Zone Dynamic Updates

Sina Owolabi notify.sina at gmail.com
Mon Jul 13 17:58:15 UTC 2015 

Hi Martin

Yes all my sssd configs are set ipa_dyndns_update = True
I didn't have --allow-sync-ptr=TRUE in all the forward zones so I set them.
I've tried to set it in the very first zone (setup during
installation) but dnszone-mod complains:

# ipa dnszone-mod mydom.com --allow-sync-ptr=TRUE --dynamic-update=TRUE
ipa: ERROR: no modifications to be performed

But I don't see it in the show command:

 ipa dnszone-show mydom.com
  Zone name: mydom.com.
  Active zone: TRUE
  Authoritative nameserver: services.mydom.com.
  Administrator e-mail address: hostmaster.mydom.com.
  SOA serial: 1436799166
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  Allow query: any;
  Allow transfer: none;

On Mon, Jul 13, 2015 at 11:20 AM, Martin Basti <mbasti at redhat.com> wrote:
> On 12/07/15 10:05, Sina Owolabi wrote:
>>
>> Hi
>>
>> I have several dns zones defined in IPA. I noticed recently that the
>> zone files are empty. I find this odd because I created them like the
>> example below.
>> Is it possible to force clients to auto-update reverse zones?
>>
>> Thanks in advance!
>>
>> How I created all the zones:
>>
>>   ipa dnszone-add 0.14.10.in-addr.arpa. --minimum=3000
>> --allow-sync-ptr=TRUE --dynamic-update
>>    Zone name: 0.14.10.in-addr.arpa.
>>    Active zone: TRUE
>>    Authoritative nameserver: services.ourdomain.com.
>>    Administrator e-mail address: hostmaster
>>    SOA serial: 1436688202
>>    SOA refresh: 3600
>>    SOA retry: 900
>>    SOA expire: 1209600
>>    SOA minimum: 3000
>>    BIND update policy: grant QRIOS.COM krb5-subdomain
>> 0.14.10.in-addr.arpa. PTR;
>>    Dynamic update: TRUE
>>    Allow query: any;
>>    Allow transfer: none;
>>    Allow PTR sync: TRUE
>>
> Hello,
>
> do you have --allow-sync-ptr=True configured in zones where the particular
> A/AAAA records are?
>
> SSSD is able to update records.
> Please check if "dyndns_update" is set to true in sssd.conf. (man sssd-ipa)
>
> --
> Martin Basti
>

More information about the Freeipa-users mailing list