[Freeipa-users] Force IPA client Reverse Zone Dynamic Updates

Martin Basti mbasti at redhat.com
Tue Jul 14 13:20:37 UTC 2015


On 13/07/15 19:58, Sina Owolabi wrote:
> Hi Martin
>
> Yes all my sssd configs are set ipa_dyndns_update = True
> I didn't have --allow-sync-ptr=TRUE in all the forward zones so I set them.
> I've tried to set it in the very first zone (setup during
> installation) but dnszone-mod complains:
>
> # ipa dnszone-mod mydom.com --allow-sync-ptr=TRUE --dynamic-update=TRUE
> ipa: ERROR: no modifications to be performed
>
> But I don't see it in the show command:
>
>   ipa dnszone-show mydom.com
>    Zone name: mydom.com.
>    Active zone: TRUE
>    Authoritative nameserver: services.mydom.com.
>    Administrator e-mail address: hostmaster.mydom.com.
>    SOA serial: 1436799166
>    SOA refresh: 3600
>    SOA retry: 900
>    SOA expire: 1209600
>    SOA minimum: 3600
>    Allow query: any;
>    Allow transfer: none;
>
> On Mon, Jul 13, 2015 at 11:20 AM, Martin Basti <mbasti at redhat.com> wrote:
>> On 12/07/15 10:05, Sina Owolabi wrote:
>>> Hi
>>>
>>> I have several dns zones defined in IPA. I noticed recently that the
>>> zone files are empty. I find this odd because I created them like the
>>> example below.
>>> Is it possible to force clients to auto-update reverse zones?
>>>
>>> Thanks in advance!
>>>
>>> How I created all the zones:
>>>
>>>    ipa dnszone-add 0.14.10.in-addr.arpa. --minimum=3000 --allow-sync-ptr=TRUE --dynamic-update
>>>     Zone name: 0.14.10.in-addr.arpa.
>>>     Active zone: TRUE
>>>     Authoritative nameserver: services.ourdomain.com.
>>>     Administrator e-mail address: hostmaster
>>>     SOA serial: 1436688202
>>>     SOA refresh: 3600
>>>     SOA retry: 900
>>>     SOA expire: 1209600
>>>     SOA minimum: 3000
>>>     BIND update policy: grant QRIOS.COM krb5-subdomain 0.14.10.in-addr.arpa. PTR;
>>>     Dynamic update: TRUE
>>>     Allow query: any;
>>>     Allow transfer: none;
>>>     Allow PTR sync: TRUE
>>>
>> Hello,
>>
>> do you have --allow-sync-ptr=True configured in zones where the particular
>> A/AAAA records are?
>>
>> SSSD is able to update records.
>> Please check if "dyndns_update" is set to true in sssd.conf. (man sssd-ipa)
>>
>> --
>> Martin Basti
>>

Can you try to restart SSSD, or to remove the A record and then restart 
SSSD on the particular host?

-- 
Martin Basti



