[Freeipa-users] One kerberos realm, two dns zones and SSHFP records

Martin Basti mbasti at redhat.com
Thu Mar 23 09:34:34 UTC 2017



On 03/22/2017 08:29 PM, Ranbir wrote:
> Hi Everyone,
>
> I'm using a fully updated CentOS 7.3 environment for two IPA servers. I
> have one kerberos realm, one dns zone with the same name as the
> kerberos realm and another dns zone with a different name. DNS is
> managed by IPA. For the sake of this message:
>
> realm: REALM.IPA
> dnszone1: realm.ipa
> dnszone2: random.ipa
>
> When I join a server that's going into the realm.ipa dns zone to the
> IPA domain, SSHFP records for that server get automatically created in
> realm.ipa. But, when I do the same for a server going into the
> random.ipa dns zone, the SSHFP records aren't automatically created. I
> have to add the SSHFP records manually after the client install completes.
>
> Why are SSHFP records not added automatically for the second dns zone
> and how can I fix this situation?
>
> Thanks in advance.
>
> Ranbir

Do you have dynamic updates enabled in the random.ipa. zone?
Could you check the nsupdate output in /var/log/ipaclient-install.log?
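
The two checks asked for in the reply above, as an added example that is not part of the original thread and is not FreeIPA's own tooling. It goes one step beyond the reply by also checking that the zone's BIND update policy grants SSHFP; the zone name comes from the thread, the function names are hypothetical, and the sample output is constructed.

```shell
#!/bin/sh
# Added example: diagnose why a client could not add SSHFP records to a zone.

# Reads `ipa dnszone-show ZONE --all` output on stdin and prints one of:
#   ok                  dynamic update is on and the policy grants SSHFP
#   dynamic-update-off  the zone rejects nsupdate requests from clients
#   no-sshfp-grant      updates are on, but SSHFP is not in the update policy
check_zone() {
    awk '
        /Dynamic update:/     { dyn = toupper($NF) }
        /BIND update policy:/ { if ($0 ~ / SSHFP;/) sshfp = 1 }
        END {
            if (dyn != "TRUE") print "dynamic-update-off"
            else if (!sshfp)   print "no-sshfp-grant"
            else               print "ok"
        }'
}

# Prints the numbered lines of a client install log that mention nsupdate.
nsupdate_lines() {
    grep -i -n 'nsupdate' "$1" || true
}

# Constructed sample of dnszone-show output for a zone with updates disabled.
sample_zone_output() {
    cat <<'EOF'
  Zone name: random.ipa.
  Active zone: TRUE
  BIND update policy: grant REALM.IPA krb5-self * A; grant REALM.IPA krb5-self * AAAA; grant REALM.IPA krb5-self * SSHFP;
  Dynamic update: FALSE
EOF
}

# Live mode: needs the ipa CLI and a valid Kerberos ticket for the first
# check, and must run on the enrolled client for the second.
if [ "${1:-}" = "--live" ]; then
    zone="${2:-random.ipa.}"
    echo "zone $zone: $(ipa dnszone-show "$zone" --all | check_zone)"
    nsupdate_lines /var/log/ipaclient-install.log
fi
```

If the result is `dynamic-update-off`, `ipa dnszone-mod random.ipa. --dynamic-update=TRUE` turns dynamic updates on for that zone.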



