[Freeipa-users] Force IPA client Reverse Zone Dynamic Updates

Martin Basti mbasti at redhat.com
Tue Jul 14 14:54:25 UTC 2015


On 14/07/15 16:52, Sina Owolabi wrote:
> I restarted network services on the host, then I restarted sssd again.
> The record appeared!
Great :)
>
> On Tue, Jul 14, 2015 at 3:50 PM, Sina Owolabi <notify.sina at gmail.com> wrote:
>> I removed the A record and restarted SSSD.
>> The DNS record did not update.
>>
>> On Tue, Jul 14, 2015 at 2:20 PM, Martin Basti <mbasti at redhat.com> wrote:
>>> On 13/07/15 19:58, Sina Owolabi wrote:
>>>> Hi Martin
>>>>
>>>> Yes all my sssd configs are set ipa_dyndns_update = True
>>>> I didn't have --allow-sync-ptr=TRUE in all the forward zones so I set them.
>>>> I've tried to set it in the very first zone (setup during
>>>> installation) but dnszone-mod complains:
>>>>
>>>> # ipa dnszone-mod mydom.com --allow-sync-ptr=TRUE --dynamic-update=TRUE
>>>> ipa: ERROR: no modifications to be performed
>>>>
>>>> But I don't see it in the show command:
>>>>
>>>>    ipa dnszone-show mydom.com
>>>>     Zone name: mydom.com.
>>>>     Active zone: TRUE
>>>>     Authoritative nameserver: services.mydom.com.
>>>>     Administrator e-mail address: hostmaster.mydom.com.
>>>>     SOA serial: 1436799166
>>>>     SOA refresh: 3600
>>>>     SOA retry: 900
>>>>     SOA expire: 1209600
>>>>     SOA minimum: 3600
>>>>     Allow query: any;
>>>>     Allow transfer: none;
>>>>
>>>> On Mon, Jul 13, 2015 at 11:20 AM, Martin Basti <mbasti at redhat.com> wrote:
>>>>> On 12/07/15 10:05, Sina Owolabi wrote:
>>>>>> Hi
>>>>>>
>>>>>> I have several dns zones defined in IPA. I noticed recently that the
>>>>>> zone files are empty. I find this odd because I created them like the
>>>>>> example below.
>>>>>> Is it possible to force clients to auto-update reverse zones?
>>>>>>
>>>>>> Thanks in advance!
>>>>>>
>>>>>> How I created all the zones:
>>>>>>
>>>>>>     ipa dnszone-add 0.14.10.in-addr.arpa. --minimum=3000 --allow-sync-ptr=TRUE --dynamic-update
>>>>>>      Zone name: 0.14.10.in-addr.arpa.
>>>>>>      Active zone: TRUE
>>>>>>      Authoritative nameserver: services.ourdomain.com.
>>>>>>      Administrator e-mail address: hostmaster
>>>>>>      SOA serial: 1436688202
>>>>>>      SOA refresh: 3600
>>>>>>      SOA retry: 900
>>>>>>      SOA expire: 1209600
>>>>>>      SOA minimum: 3000
>>>>>>      BIND update policy: grant QRIOS.COM krb5-subdomain 0.14.10.in-addr.arpa. PTR;
>>>>>>      Dynamic update: TRUE
>>>>>>      Allow query: any;
>>>>>>      Allow transfer: none;
>>>>>>      Allow PTR sync: TRUE
>>>>>>
>>>>> Hello,
>>>>>
>>>>> do you have --allow-sync-ptr=True configured in zones where the
>>>>> particular A/AAAA records are?
>>>>>
>>>>> SSSD is able to update records.
>>>>> Please check if "dyndns_update" is set to true in sssd.conf. (man sssd-ipa)
>>>>>
>>>>> --
>>>>> Martin Basti
>>>>>
>>> Can you try to restart SSSD, or to remove the A record and then restart SSSD
>>> on the particular host?
>>>
>>> --
>>> Martin Basti
>>>


-- 
Martin Basti
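
Added example, not part of the original thread or of FreeIPA/SSSD: a Python check of the settings the thread asks about, run over saved `sssd.conf` text and saved `ipa dnszone-show` output. The sample inputs are constructed after the output quoted above, the function names are hypothetical, and requiring `Dynamic update: TRUE` on the reverse zone is an assumption based on how that zone was created in the thread.

```python
import configparser

# Constructed samples modelled on the output quoted in the thread.
SSSD_CONF = "[domain/mydom.com]\nid_provider = ipa\nipa_dyndns_update = True\n"
FORWARD_ZONE = """\
  Zone name: mydom.com.
  Active zone: TRUE
  Allow query: any;
  Allow transfer: none;
"""
REVERSE_ZONE = """\
  Zone name: 0.14.10.in-addr.arpa.
  Dynamic update: TRUE
  Allow PTR sync: TRUE
"""

def parse_zone(text):
    """Turn the 'Label: value' lines of `ipa dnszone-show` into a dict."""
    fields = {}
    for line in text.splitlines():
        label, sep, value = line.strip().partition(": ")
        if sep:
            fields[label] = value.strip()
    return fields

def sssd_dyndns_enabled(conf_text):
    """True if any [domain/...] section turns dynamic DNS updates on."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    for section in cp.sections():
        # dyndns_update is the current option name, ipa_dyndns_update the older one.
        for opt in ("dyndns_update", "ipa_dyndns_update"):
            value = cp.get(section, opt, fallback="").strip().lower()
            if section.startswith("domain/") and value == "true":
                return True
    return False

def missing_settings(sssd_conf, forward, reverse):
    """List the settings discussed in the thread that are not visibly enabled."""
    problems = []
    if not sssd_dyndns_enabled(sssd_conf):
        problems.append("sssd.conf: dyndns_update is not true")
    checks = ((parse_zone(forward), ("Dynamic update", "Allow PTR sync")),
              (parse_zone(reverse), ("Dynamic update",)))
    for zone, wanted in checks:
        for label in wanted:
            if zone.get(label) != "TRUE":  # an absent line counts as not set
                problems.append(f"{zone.get('Zone name', '?')}: {label} not TRUE")
    return problems
```

With the constructed forward zone above, `missing_settings(SSSD_CONF, FORWARD_ZONE, REVERSE_ZONE)` reports both zone attributes as missing for `mydom.com.`.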



