[Freeipa-users] Removing DNS component

Brian Candler b.candler at pobox.com
Thu Dec 8 19:55:30 UTC 2016


On 08/12/2016 17:05, Martin Basti wrote:
> I suggest keeping the DNS tree there and all permissions; just remove all
> zones using the IPA API and disable the DNS service and dnssyncd service in
> LDAP, because removing DNS completely is unsupported and untested.
>
> dn: cn=DNS,cn=vm-028.ipa.test,cn=masters,cn=ipa,cn=etc,$SUFFIX
> objectClass: ipaConfigObject
> objectClass: nsContainer
> objectClass: top
> ipaConfigString: startOrder 30
> ipaConfigString: enabledService <--- remove this
> cn: DNS
>
>
> dn: cn=DNSKeySync,cn=vm-028.ipa.test,cn=masters,cn=ipa,$SUFFIX
> objectClass: nsContainer
> objectClass: top
> ipaConfigString: dnssecVersion 1
> ipaConfigString: startOrder 110
> ipaConfigString: enabledService <---- remove this
> cn: DNSKeySync
>
> It will keep the ipa dns* commands working, but without any effect.


That did the job - nothing listening on port 53 now. Thank you!

Regards,

Brian.
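
The change described in this thread, as an added example that is not part of the original messages or of FreeIPA itself: one function emits LDIF that deletes only the enabledService value from both service entries, and a second checks `ss` output for port 53 listeners. It assumes both entries sit under cn=masters,cn=ipa,cn=etc,<suffix> as in the first quoted DN; the function names and the suffix dc=ipa,dc=test are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original thread.

# Emit LDIF that deletes only the "enabledService" value of ipaConfigString
# from the DNS and DNSKeySync entries of one IPA master. The other values
# (startOrder, dnssecVersion) and the entries themselves stay in place.
# Assumption: both entries sit under cn=masters,cn=ipa,cn=etc,<suffix>.
gen_disable_dns_ldif() {
    host=$1
    suffix=$2
    for svc in DNS DNSKeySync; do
        printf 'dn: cn=%s,cn=%s,cn=masters,cn=ipa,cn=etc,%s\n' "$svc" "$host" "$suffix"
        printf 'changetype: modify\n'
        printf 'delete: ipaConfigString\n'
        printf 'ipaConfigString: enabledService\n'
        printf '\n'
    done
}

# Read `ss -H -lntu` output on stdin and print the local address of every
# socket bound to port 53. Returns 0 when there is none, 1 otherwise.
# Column 5 is "Local Address:Port"; the port is the last ":"-separated field,
# which also covers IPv6 forms such as [::]:53.
port53_listeners() {
    awk '{ n = split($5, a, ":"); if (a[n] == "53") { print $5; found = 1 } }
         END { exit (found ? 1 : 0) }'
}

# Usage (suffix is a constructed sample value):
#   gen_disable_dns_ldif vm-028.ipa.test dc=ipa,dc=test | ldapmodify -Y GSSAPI
#   ss -H -lntu | port53_listeners && echo "nothing listening on port 53"
```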



