On 01/13/2015 01:41 PM, Mike wrote:
On Tue, 13 Jan 2015, Dmitri Pal wrote:

On 01/13/2015 12:35 PM, Mike wrote:

Just a note to anyone else who may be interested. This may be obvious but it wasn't to me at first. The "ipa dnszone-mod ... --update-policy=..." command wipes out the existing BIND update policy. So what would seem to me to be the correct procedure is to do "ipa dnszone-show --all" first to get the existing policy. Then append the new policy to the existing. This is what ultimately worked for me (all one line).

ipa dnszone-mod inside.lan --update-policy="grant INSIDE.LAN krb5-self * A; grant INSIDE.LAN krb5-self * AAAA; grant INSIDE.LAN krb5-self * SSHFP; grant dhcpupdate zonesub A; grant dhcpupdate zonesub TXT; grant dhcpupdate zonesub PTR;"

Would you mind contributing a howto solution to FreeIPA site?

Wouldn't mind at all; however, the Howto I used (http://www.freeipa.org/page/Howto/DNS_updates_and_zone_transfers_with_TSIG) is mostly correct, with only three errors that I'm aware of. And it is a bit "brief"; there are a few things I could add. Should I just follow up off list with updates/changes?

-- Mike


Petr, Martin, what do you think is the best approach: for Mike to just edit the page or to send corrections off list?

Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
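
The show-then-append procedure described in this thread, as an added shell example that is not part of the original messages or of FreeIPA itself. The function names are hypothetical, the sample output is constructed, and it assumes `ipa dnszone-show --all` prints the policy on a single line labelled "BIND update policy:".

```shell
#!/bin/sh
# Added example: helper names are hypothetical; sample data is constructed.

# Read `ipa dnszone-show ZONE --all` output on stdin and print the current
# policy. Assumes it appears on one line labelled "BIND update policy:".
current_policy() {
    sed -n 's/^[[:space:]]*BIND update policy:[[:space:]]*//p'
}

# merge_update_policy EXISTING NEW
# Split both strings on ';', trim each rule, drop empties and duplicates,
# keep the original order, and emit one ';'-terminated line.
merge_update_policy() {
    printf '%s;%s' "$1" "$2" | tr '\n' ' ' | awk 'BEGIN { RS = ";" }
    {
        gsub(/^[ \t]+|[ \t]+$/, "")      # trim the rule
        gsub(/[ \t]+/, " ")              # collapse inner whitespace
        if ($0 != "" && !seen[$0]++) out = out $0 "; "
    }
    END { sub(/ $/, "", out); print out }'
}

# Show-then-append against a live server (defined here, not called).
# usage: append_zone_grants ZONE "grant ...; grant ...;"
append_zone_grants() {
    raw=$(ipa dnszone-show "$1" --all) || return 1   # never write if the read failed
    old=$(printf '%s\n' "$raw" | current_policy)
    merged=$(merge_update_policy "$old" "$2")
    printf 'old: %s\nnew: %s\n' "$old" "$merged" >&2  # keep the old value for rollback
    ipa dnszone-mod "$1" --update-policy="$merged"
}

# Constructed sample of dnszone-show output, for an offline dry run.
sample='  Zone name: inside.lan.
  BIND update policy: grant INSIDE.LAN krb5-self * A; grant INSIDE.LAN krb5-self * AAAA; grant INSIDE.LAN krb5-self * SSHFP;
  Dynamic update: TRUE'
existing=$(printf '%s\n' "$sample" | current_policy)
merge_update_policy "$existing" 'grant dhcpupdate zonesub A; grant dhcpupdate zonesub TXT; grant dhcpupdate zonesub PTR;'
```

Because the update policy is the zone's access control for dynamic updates, logging the old value before each write gives a record of which grants were in force and a string to restore if a change drops one.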
