On Tue, 13 Jan 2015, Dmitri Pal wrote:

On 01/13/2015 12:35 PM, Mike wrote:


 Just a note to anyone else who may be interested.  This may be obvious but
 it wasn't to me at first, The "ipa dnszone-mod ... --update-policy=..."
 command wipes out the existing BIND update policy.  So what would seem to
 me to be the correct procedure is to do "ipa dnszone-show --all" first to
 get the existing policy. Then append the new policy to the existing. This
 is what ultimatley worked for me (all one line).

 ipa dnszone-mod inside.lan --update-policy="grant INSIDE.LAN krb5-self *
 A; grant INSIDE.LAN krb5-self * AAAA; grant INSIDE.LAN krb5-self * SSHFP;
 grant dhcpupdate zonesub A; grant dhcpupdate zonesub TXT; grant dhcpupdate
 zonesub PTR;"




Would you mind contributing a howto solution to FreeIPA site?


Wouldn't mind at all however the Howto I used (http://www.freeipa.org/page/Howto/DNS_updates_and_zone_transfers_with_TSIG) is mostly correct, only three errors that I'm aware of. And it is a bit "brief", there are a few things I could add. Should I just follow up off list with updates/changes?

-- Mike

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to