Hello Mike,

are you talking about IPA WebUI or CLI or DNS dynamic update mechanism? On which distribution and IPA version?

On 11/05/2012 10:35 PM, Michael Mercier wrote:

A couple of questions regarding DNS / Allow PTR sync.

1.  If you have a zone 'example.com' and you enable "Allow PTR sync", should 
you also enable the option in the reverse zone (e.g. 168.192.in-addr-arpa.)?
In webUI - just check the box "Create reverse" while adding a new A record. "Allow PTR sync" affects only DNS dynamic update.

2.  Do you have to wait a specified amount of time for the PTR record to be 
removed after you remove a host?
No, you don't. Change in webUI should be done immediately. For some time you can see old data on DNS clients because DNS caches all the data extensively.


1.  Add 'testhost', to 'example.com' (with Allow PTR sync enabled 
on the zone) with 'Create reverse' enabled.
2.  Remove 'testhost' from 'example.com'
3.  Check 168.192.in-addr.arpa. zone and host 'testhost' still exists.
Seems like a bug to me, please file a ticket:

You will be prompted for Fedora account, registration link is:

Also, please note limitations of syncPTR on DNS server - it affects DNS dynamic updates:

* If the change was made through IPA CLI/WebUI/LDAP directly - it does nothing in any case.

* If idnsAllowSyncPTR = true and any A or AAAA record was changed through DNS dynamic update mechanism - PTR is automatically updated.

* Change is synchronized only if reverse zone is part of LDAP and have dynamic updates allowed (idnsAllowDynUpdate = TRUE).

* Enabling idnsAllowSyncPTR will not affect existing records as long as they are not updated though DNS dynamic updates.

Petr^2 Spacek

Freeipa-users mailing list

Reply via email to