On Wed, 13 Mar 2019, Callum Smith wrote:
Dear Alexander,

The last small wrinkle, setting the server options is fine and works
well, but the DNS record creation still doesn't work. I see it queries
the SOA record and then appears to use that as the server to send the
changes to.

I tried to set the SOA records for the virt.$domain realm, but it
doesn't seem to overwrite the top-level SOA record:

ipa dnszone-mod virt.in.bmrc.ox.ac.uk. --name-server ipa-a --admin-email ipa-a

I note that admin-email appears to be the option that actually changes
the record returned here, which was unexpected for me.

There are three levels of overrides here:

- /etc/named.conf can have 'fake_mname' defined
- 'ipa dnsserver-*' commands allow defining a per-server override with
  ipa dnsserver-mod <server> --soa-mname-override <some-server>
- DNS zone SOA mname value

If you have SOA mname overridden in the 'ipa dnsserver-show', it will
override whatever is set in the zone. This is to allow DNS location
specific updates to be localized to that location's DNS server.

If you want to control it fully from the DNS zone settings, remove
fake_mname from the /etc/named.conf and from the dnsserver's record:

ipa dnsserver-mod <server> --soa-mname-override=

(--soa-mname-override= sets it to an empty value, meaning removal)


--admin-email in the zone should not be affecting SOA mname at all. I
suspect you saw it act conflated with the first two overrides.

--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
_______________________________________________
FreeIPA-users mailing list -- [email protected]
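
The three override levels described in the reply above can be checked one at a time before changing the zone. The script below is an added example, not part of the original thread or of FreeIPA itself; the function names are hypothetical, and the `fake_mname` line syntax and the "SOA mname override:" output label are assumptions about named.conf and `ipa dnsserver-show` output.

```sh
#!/bin/sh
# Added example (not from the thread): find which SOA mname override levels are set.

# Level 1: fake_mname in a named.conf-style file ($1). Prints the value, or nothing.
# Assumption: written as `fake_mname "host.";` or the older `arg "fake_mname host.";`.
named_fake_mname() {
    sed -n -e '/^[[:space:]]*#/d' -e '/^[[:space:]]*\/\//d' \
        -e 's/.*fake_mname[[:space:]]*"\{0,1\}\([^";[:space:]]*\).*/\1/p' "$1" | head -n 1
}

# Level 2: per-server override, parsed from `ipa dnsserver-show <server>` on stdin.
# Assumption: the field is labelled "SOA mname override:" in the command output.
dnsserver_override() {
    sed -n 's/^[[:space:]]*SOA mname override:[[:space:]]*//p' | head -n 1
}

# Decide what controls the mname a client sees. Per the reply above, any
# override hides the zone value, so the zone wins only when both are empty.
mname_source() {  # $1 = fake_mname value, $2 = dnsserver override value
    src=""
    [ -n "$1" ] && src="named.conf fake_mname=$1"
    [ -n "$2" ] && src="${src:+$src; }dnsserver override=$2"
    echo "${src:-zone SOA mname}"
}

# Live check; needs a Kerberos ticket, the ipa CLI and dig. Not run on load.
audit_mname() {  # $1 = zone, $2 = IPA DNS server FQDN
    fake=$(named_fake_mname /etc/named.conf)
    over=$(ipa dnsserver-show "$2" | dnsserver_override)
    echo "controlled by: $(mname_source "$fake" "$over")"
    echo "served mname:  $(dig +short SOA "$1" "@$2" | cut -d' ' -f1)"
}
```

Run `audit_mname <zone> <server>` on each IPA DNS server in turn, since both the named.conf setting and the dnsserver override are per-server.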