Re: [Freeipa-users] best practices for subdomains

Mon, 03 Mar 2014 00:37:27 -0800 

On 1.3.2014 23:20, Brendan Kearney wrote:

i am using bind-dyndb-ldap outside of freeipa, and want to create
_tcp.my-domain.com and _udp.my-domain.com subdomains.  i have tried, but
seem to come up short and nslookup fails for the records i try to create
in the subdomains.  some googling and searching in the wiki have not
provided me with much go on.  below is an attempt at _tcp.my-domain.com

dn: idnsName=_tcp.my-domain.com.,cn=dns,dc=my-domain,dc=com
dnsttl: 3600
idnsallowdynupdate: FALSE
idnsallowsyncptr: FALSE
idnsname: _tcp.my-domain.com.
idnssoaexpire: 604800
idnssoaminimum: 86400
idnssoamname: server.my-domain.com.
idnssoarefresh: 10800
idnssoaretry: 900
idnssoarname: root.server.my-domain.com.
idnssoaserial: 1
idnsupdatepolicy: grant MY-DOMAIN.COM krb5-self * A;
idnszoneactive: TRUE
nsrecord: server.my-domain.com.
objectclass: top
objectclass: idnsZone
objectclass: idnsRecord

what is the correct way to create a subdomain?
First of all, do you really want to create *subdomains* for _tcp and _udp or do you just need to create couple records like _ldap._tcp in a existing domain? It is very unusual to create separate subdomains for _tcp and _udp.
I'm attaching small snippet which shows how to add _ldap._tcp SRV record to existing domain ipa.example. 

Please be so kind and send us information mentioned on
https://fedorahosted.org/bind-dyndb-ldap/wiki/BugReporting#a3.Whatweneedtoknow
We would like to know how users use bind-dyndb-ldap, which LDAP server is used outside FreeIPA and so on. 

Have a nice day!

--
Petr^2 Spacek

version: 1

dn: idnsname=ipa.example,cn=dns,dc=ipa,dc=example
objectClass: idnsrecord
objectClass: top
objectClass: idnszone
idnsName: ipa.example
idnsSOAexpire: 1209600
idnsSOAminimum: 3600
idnsSOAmName: ns.ipa.example.
idnsSOArefresh: 3600
idnsSOAretry: 900
idnsSOArName: hostmaster.ipa.example.
idnsSOAserial: 1393602813
idnsZoneActive: TRUE
idnsAllowDynUpdate: TRUE
idnsAllowQuery: any;
idnsAllowTransfer: none;
idnsUpdatePolicy: grant IPA.EXAMPLE krb5-self * A; grant IPA.EXAMPLE krb5-se
 lf * AAAA; grant IPA.EXAMPLE krb5-self * SSHFP;
nSRecord: ns.ipa.example.

dn: idnsname=ns,idnsname=ipa.example,cn=dns,dc=ipa,dc=example
objectClass: idnsrecord
objectClass: top
idnsName: ns
aRecord: 192.0.2.1

dn: idnsname=vm,idnsname=ipa.example,cn=dns,dc=ipa,dc=example
objectClass: idnsrecord
objectClass: top
idnsName: vm
aRecord: 192.0.2.222

dn: idnsname=_ldap._tcp,idnsname=ipa.example,cn=dns,dc=ipa,dc=example
objectClass: idnsrecord
objectClass: top
idnsName: _ldap._tcp
sRVRecord: 0 100 389 vm.ipa.example.


_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to