On 13.1.2015 21:25, Dmitri Pal wrote:
> On 01/13/2015 01:41 PM, Mike wrote:
>> On Tue, 13 Jan 2015, Dmitri Pal wrote:
>>
>>> On 01/13/2015 12:35 PM, Mike wrote:
>>>>
>>>>  Just a note to anyone else who may be interested.  This may be obvious but
>>>>  it wasn't to me at first, The "ipa dnszone-mod ... --update-policy=..."
>>>>  command wipes out the existing BIND update policy.  So what would seem to
>>>>  me to be the correct procedure is to do "ipa dnszone-show --all" first to
>>>>  get the existing policy. Then append the new policy to the existing. This
>>>>  is what ultimatley worked for me (all one line).
>>>>
>>>>  ipa dnszone-mod inside.lan --update-policy="grant INSIDE.LAN krb5-self *
>>>>  A; grant INSIDE.LAN krb5-self * AAAA; grant INSIDE.LAN krb5-self * SSHFP;
>>>>  grant dhcpupdate zonesub A; grant dhcpupdate zonesub TXT; grant dhcpupdate
>>>>  zonesub PTR;"
>>>>
>>>>
>>>>
>>>>
>>> Would you mind contributing a howto solution to FreeIPA site?
>>>
>>
>> Wouldn't mind at all however the Howto I used
>> (http://www.freeipa.org/page/Howto/DNS_updates_and_zone_transfers_with_TSIG)
>> is mostly correct, only three errors that I'm aware of.  And it is a bit
>> "brief", there are a few things I could add.  Should I just follow up off
>> list with updates/changes?
>>
>> -- Mike
>>
> Thanks!
> 
> Petr, Martin, what do you think is the best approach, for Mike just edit the
> page or send corrections off list?

Mike, don't hesitate to update the page directly. After all, it has a history
so we can review it post-edit.

Personally I don't want to set up some heavy-weight review process for wiki :-)

-- 
Petr^2 Spacek

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to