On 15/09/14 17:10, Petr Spacek wrote:
On 12.9.2014 15:19, Martin Basti wrote:
On 03/09/14 12:45, Martin Basti wrote:
On 03/09/14 12:27, Martin Kosek wrote:
On 09/02/2014 05:46 PM, Petr Spacek wrote:
On 25.8.2014 14:52, Martin Basti wrote:
Patches attached.
Ticket: https://fedorahosted.org/freeipa/ticket/4149
There is a bug in bind-dyndb-ldap (or worse, in dirsrv), which causes the named service to be stopped after deleting a zone.
Bug ticket: https://fedorahosted.org/bind-dyndb-ldap/ticket/138
Functional ACK, it works for me. It can be pushed if Python gurus are okay with the code.
Is it safe to commit the change given that bind-dyndb-ldap still crashes when "." is removed? Wouldn't it break our CI tests?
Maybe we should wait until fixed bind-dyndb-ldap is released. Hopefully it would be soon.
Martin
_______________________________________________
Freeipa-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-devel
It will break tests, don't push it until bind-dyndb-ldap is fixed.
Currently I'm testing bind-dyndb-ldap related patch.
Added patches 120 and 121, which are required by DNS to work correctly.
Patches 120 and 121 add all DNS replicas to the zone apex as NS; the --name-server option doesn't add an NS record, it only changes the SOA MNAME attribute.
Original and new patches attached.
NACK, unfortunately it doesn't work for me:
# ipa dnszone-add tri.test. --name-server=ns.test.
Administrator e-mail address [hostmaster.tri.test.]:
ipa: WARNING: '--name-server' is used only for setting up the SOA
MNAME record.
To edit NS record(s) in zone apex, use command 'dnsrecord-mod [zone] @
--ns-rec=nameserver'.
Zone name: tri.test.
Active zone: TRUE
Authoritative nameserver: ns.test.
Administrator e-mail address: hostmaster.tri.test.
SOA serial: 1410793406
SOA refresh: 3600
SOA retry: 900
SOA expire: 1209600
SOA minimum: 3600
BIND update policy: grant IPA.EXAMPLE krb5-self * A; grant
IPA.EXAMPLE krb5-self * AAAA; grant IPA.EXAMPLE krb5-self * SSHFP;
Dynamic update: FALSE
Allow query: any;
Allow transfer: none;
[root@vm-035 rpms]# ipa dnszone-show tri.test. --all --raw
dn: idnsname=tri.test.,cn=dns,dc=ipa,dc=example
idnsname: tri.test.
idnszoneactive: TRUE
idnssoamname: ns.test.
idnssoarname: hostmaster.tri.test.
idnssoaserial: 1410793408
idnssoarefresh: 3600
idnssoaretry: 900
idnssoaexpire: 1209600
idnssoaminimum: 3600
idnsallowquery: any;
idnsallowtransfer: none;
idnsAllowDynUpdate: FALSE
idnsUpdatePolicy: grant IPA.EXAMPLE krb5-self * A; grant IPA.EXAMPLE
krb5-self * AAAA; grant IPA.EXAMPLE krb5-self * SSHFP;
nsrecord: vm-035.idm.lab.eng.brq.redhat.com.
objectClass: idnszone
objectClass: top
objectClass: idnsrecord
[root@vm-035 rpms]# ipa dnsrecord-mod @ tri.test. --ns-rec=$(hostname).
ipa: ERROR: tri.test.: DNS resource record not found
NACKing NACK
ipa dnsrecord-mod @ tri.test. --ns-rec=$(hostname).
You switched the order of zone and record; it should be
ipa dnsrecord-mod tri.test. @ --ns-rec=$(hostname).
--
Martin Basti