On 13.1.2015 21:25, Dmitri Pal wrote: > On 01/13/2015 01:41 PM, Mike wrote: >> On Tue, 13 Jan 2015, Dmitri Pal wrote: >> >>> On 01/13/2015 12:35 PM, Mike wrote: >>>> >>>> Just a note to anyone else who may be interested. This may be obvious but >>>> it wasn't to me at first, The "ipa dnszone-mod ... --update-policy=..." >>>> command wipes out the existing BIND update policy. So what would seem to >>>> me to be the correct procedure is to do "ipa dnszone-show --all" first to >>>> get the existing policy. Then append the new policy to the existing. This >>>> is what ultimatley worked for me (all one line). >>>> >>>> ipa dnszone-mod inside.lan --update-policy="grant INSIDE.LAN krb5-self * >>>> A; grant INSIDE.LAN krb5-self * AAAA; grant INSIDE.LAN krb5-self * SSHFP; >>>> grant dhcpupdate zonesub A; grant dhcpupdate zonesub TXT; grant dhcpupdate >>>> zonesub PTR;" >>>> >>>> >>>> >>>> >>> Would you mind contributing a howto solution to FreeIPA site? >>> >> >> Wouldn't mind at all however the Howto I used >> (http://www.freeipa.org/page/Howto/DNS_updates_and_zone_transfers_with_TSIG) >> is mostly correct, only three errors that I'm aware of. And it is a bit >> "brief", there are a few things I could add. Should I just follow up off >> list with updates/changes? >> >> -- Mike >> > Thanks! > > Petr, Martin, what do you think is the best approach, for Mike just edit the > page or send corrections off list?
Mike, don't hesitate to update the page directly. After all, it has a history so we can review it post-edit. Personally I don't want to set up some heavy-weight review process for wiki :-) -- Petr^2 Spacek -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project