None via FreeIPA-users wrote:
> Hello,
> 
> I have two questions:
> 
> 1. How can the default DNS grants be restored, or fixed, without
>    knowing what they were?
> 2. Where can I get information about grants? I can't seem to find where
>    they're documented.
> 
> I was trying to get DDNS updates to work from DHCP server, and the
> documentation doesn't mention executing 'ipa dnszone-mod example.com.
> --update-policy="grant rndc-key wildcard * ANY;"' will overwrite the
> current grants breaking the DNS portion of ipa-client-install.
> 
> Environment:
> 
>  * Fedora 26
>  * FreeIPA 4.4.4 from Fedora repos
>  * ISC DHCP server 4.3.5 from Fedora repos

This will reset it:

$ ipa dnszone-mod example.com. --update-policy="grant EXAMPLE.COM
krb5-self * A; grant EXAMPLE.COM krb5-self * AAAA; grant EXAMPLE.COM
krb5-self * SSHFP;"

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/managing-dynamic-dns-updates.html#dns-policies

rob
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to