On Mon, 2012-06-04 at 22:39 -0400, Rob Crittenden wrote:
> Martin Kosek wrote:
> > For security reasons, dynamic updates are not enabled for new DNS
> > zones. In order to enable the dynamic zone securely, the user needs to
> > allow dynamic updates and create a zone update policy.
> > The policy is not easy to construct for regular users; we should
> > rather fill it by default and let users just switch the policy
> > on or off.
> > https://fedorahosted.org/freeipa/ticket/2441
> I think the example should be something like:
> Modify the zone to allow dynamic updates for hosts' own records in
> realm EXAMPLE.COM:
>   ipa dnszone-mod example.com --dynamic-update=TRUE
> This is the equivalent of:
>   ipa dnszone-mod example.com --dynamic-update=TRUE \
>     --update-policy="grant EXAMPLE.COM krb5-self * A; grant EXAMPLE.COM krb5-self * AAAA;"
Right, I did that change.
> Otherwise ACK.
Thanks. I also found out that I forgot to update DNS unit tests, so I
fixed that as well before pushing.
Pushed to master.
Freeipa-devel mailing list
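
Added example, not part of the original thread or of the FreeIPA code: a small Python audit that parses an update policy and reports any grant wider than the default quoted above (krb5-self for the zone's realm, A and AAAA only). The function names are hypothetical, and the statement layout "action identity ruletype name types;" is assumed from the policy shown in the thread.

```python
# Added example: audit a BIND update-policy string against the default
# self-update policy quoted in this thread. Helper names are hypothetical.

ALLOWED_TYPES = {"A", "AAAA"}  # record types granted by the thread's default


def default_policy(realm):
    """Build the policy string from the thread for a given Kerberos realm."""
    return " ".join(f"grant {realm} krb5-self * {t};" for t in ("A", "AAAA"))


def parse_policy(policy):
    """Split 'action identity ruletype name types...;' statements into dicts."""
    rules = []
    for stmt in policy.split(";"):
        fields = stmt.split()
        if not fields:
            continue  # empty piece after the trailing ';'
        if len(fields) < 4:
            raise ValueError(f"malformed statement: {stmt.strip()!r}")
        action, identity, ruletype, name, *types = fields
        rules.append({"action": action, "identity": identity,
                      "ruletype": ruletype, "name": name,
                      "types": [t.upper() for t in types]})
    return rules


def audit_policy(policy, realm):
    """Return findings for grants wider than host self-updates of A/AAAA."""
    findings = []
    for r in parse_policy(policy):
        if r["action"] != "grant":
            continue  # deny rules only narrow access
        label = f"{r['identity']} {r['ruletype']} {r['name']}"
        if r["ruletype"] != "krb5-self":
            findings.append(f"{label}: rule type is not krb5-self")
        if r["identity"] != realm:
            findings.append(f"{label}: identity is not realm {realm}")
        if not r["types"]:
            findings.append(f"{label}: no record type restriction")
        extra = sorted(set(r["types"]) - ALLOWED_TYPES)
        if extra:
            findings.append(f"{label}: extra record types {extra}")
    return findings
```

An empty result from audit_policy() means every grant in the policy stays within the default; each finding names the statement that goes beyond it.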