On Mon, 2012-06-04 at 22:39 -0400, Rob Crittenden wrote:
> Martin Kosek wrote:
> > For security reasons, dynamic updates are not enabled for new DNS
> > zones. In order to enable the dynamic zone securely, the user needs to
> > allow dynamic updates and create a zone update policy.
> >
> > The policy is not easy to construct for regular users; we should
> > rather fill it by default and let users just switch the policy
> > on or off.
> >
> > https://fedorahosted.org/freeipa/ticket/2441
> 
> I think the example should be something like:
> 
>    Modify the zone to allow dynamic updates for hosts' own records in realm EXAMPLE.COM:
>     ipa dnszone-mod example.com --dynamic-update=TRUE
> 
>    This is the equivalent of:
>     ipa dnszone-mod example.com --dynamic-update=TRUE \\
>          --update-policy="grant EXAMPLE.COM krb5-self * A; grant EXAMPLE.COM krb5-self * AAAA;"

Right, I did that change.

> 
> Otherwise ACK.
> 
> rob

Thanks. I also found out that I forgot to update DNS unit tests, so I
fixed that as well before pushing.

Pushed to master.

Martin
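
Added example, not part of the original thread and not FreeIPA code: a small audit that checks whether a zone's update policy stays within the default quoted above (krb5-self grants for A and AAAA only). The function names are hypothetical, and the parser assumes the simplified rule shape `action identity ruletype name types;`.

```python
# Added example (constructed): audit a BIND update-policy string against the
# default from the thread, i.e. krb5-self grants limited to A and AAAA.
ALLOWED_TYPES = {"A", "AAAA"}


def default_policy(realm):
    """Build the policy string quoted in the thread for the given realm."""
    return " ".join(f"grant {realm} krb5-self * {t};" for t in ("A", "AAAA"))


def audit_policy(policy, realm):
    """Return findings; an empty list means every grant is krb5-self for
    `realm` and limited to ALLOWED_TYPES."""
    findings = []
    rules = [r.split() for r in policy.split(";") if r.strip()]
    if not rules:
        findings.append("policy is empty")
    for fields in rules:
        text = " ".join(fields)
        if len(fields) < 3:
            findings.append(f"malformed rule: {text}")
            continue
        action, identity, ruletype, *rest = fields
        if action == "deny":
            continue  # a deny rule cannot widen access
        if action != "grant":
            findings.append(f"unknown action: {text}")
        elif ruletype != "krb5-self":
            findings.append(f"rule type {ruletype} is not krb5-self: {text}")
        else:
            if identity != realm:
                findings.append(f"identity is not realm {realm}: {text}")
            types = {t.upper() for t in rest[1:]}  # rest[0] is the name field
            if not types:
                # BIND treats an empty type list as "almost every type"
                findings.append(f"no record types listed: {text}")
            extra = sorted(types - ALLOWED_TYPES)
            if extra:
                findings.append(f"types beyond A/AAAA ({', '.join(extra)}): {text}")
    return findings


if __name__ == "__main__":
    # Constructed sample: the second rule is not a self-only grant.
    sample = ("grant EXAMPLE.COM krb5-self * A; "
              "grant EXAMPLE.COM krb5-subdomain example.com. ANY;")
    for finding in audit_policy(sample, "EXAMPLE.COM"):
        print(finding)
```

An empty result means the policy is no broader than the default; any finding names the rule that widens it.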

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
