On 14.7.2015 10:28, Sina Owolabi wrote:
> Thanks Martin
>
>
> The expanded command shows all the output. Curiously, I still don't
> see any reverse addresses yet except on the reverse domain for this
> primary zone. I've restarted the IPA servers in hopes of a Windows-y
> solution but it didn't help :-)

SyncPTR does something only when the data change. I.e. it will do nothing if
your A/AAAA records are up to date (even if clients send update).

I'm afraid that there is no pre-made tool to do the mass update, sorry. You
probably need to script something yourself.

Petr^2 Spacek

> output:
> ipa dnszone-show mydom.com --all
>   dn: idnsname=mydom.com.,cn=dns,dc=mydom,dc=com
>   Zone name: mydom.com.
>   Active zone: TRUE
>   Authoritative nameserver: dc.mydom.com.
>   Administrator e-mail address: hostmaster.mydom.com.
>   SOA serial: 1436861122
>   SOA refresh: 3600
>   SOA retry: 900
>   SOA expire: 1209600
>   SOA minimum: 3600
>   BIND update policy: grant mydom.COM krb5-self * A; grant mydom.COM
> krb5-self * AAAA; grant mydom.COM krb5-self * SSHFP;
>   Dynamic update: TRUE
>   Allow query: any;
>   Allow transfer: none;
>   Allow PTR sync: TRUE
>   arecord: pu.bl.ic.add
>   mxrecord: 0 mail.mydom.com.
>   nsrecord: dc02.mydom.com., dc01.mydom.com., dc.mydom.com.
>   objectclass: idnszone, top, idnsrecord
>
> On Tue, Jul 14, 2015 at 8:46 AM, Martin Basti <mba...@redhat.com> wrote:
>> On 13/07/15 19:58, Sina Owolabi wrote:
>>>
>>> Hi Martin
>>>
>>> Yes all my sssd configs are set ipa_dyndns_update = True
>>> I didn't have --allow-sync-ptr=TRUE in all the forward zones so I set
>>> them.
>>> I've tried to set it in the very first zone (setup during
>>> installation) but dnszone-mod complains:
>>>
>>> # ipa dnszone-mod mydom.com --allow-sync-ptr=TRUE --dynamic-update=TRUE
>>> ipa: ERROR: no modifications to be performed
>>>
>>> But I don't see it in the show command:
>>>
>>> ipa dnszone-show mydom.com
>>>   Zone name: mydom.com.
>>>   Active zone: TRUE
>>>   Authoritative nameserver: services.mydom.com.
>>>   Administrator e-mail address: hostmaster.mydom.com.
>>>   SOA serial: 1436799166
>>>   SOA refresh: 3600
>>>   SOA retry: 900
>>>   SOA expire: 1209600
>>>   SOA minimum: 3600
>>>   Allow query: any;
>>>   Allow transfer: none;
>>
>> You must use option --all
>>
>> ipa dnszone-show mydom.com --all
>>
>>
>> Martin
>>
>>>
>>> On Mon, Jul 13, 2015 at 11:20 AM, Martin Basti <mba...@redhat.com> wrote:
>>>>
>>>> On 12/07/15 10:05, Sina Owolabi wrote:
>>>>>
>>>>> Hi
>>>>>
>>>>> I have several dns zones defined in IPA. I noticed recently that the
>>>>> zone files are empty. I find this odd because I created them like the
>>>>> example below.
>>>>> Is it possible to force clients to auto-update reverse zones?
>>>>>
>>>>> Thanks in advance!
>>>>>
>>>>> How I created all the zones:
>>>>>
>>>>> ipa dnszone-add 0.14.10.in-addr.arpa. --minimum=3000
>>>>> --allow-sync-ptr=TRUE --dynamic-update
>>>>>   Zone name: 0.14.10.in-addr.arpa.
>>>>>   Active zone: TRUE
>>>>>   Authoritative nameserver: services.ourdomain.com.
>>>>>   Administrator e-mail address: hostmaster
>>>>>   SOA serial: 1436688202
>>>>>   SOA refresh: 3600
>>>>>   SOA retry: 900
>>>>>   SOA expire: 1209600
>>>>>   SOA minimum: 3000
>>>>>   BIND update policy: grant QRIOS.COM krb5-subdomain
>>>>> 0.14.10.in-addr.arpa. PTR;
>>>>>   Dynamic update: TRUE
>>>>>   Allow query: any;
>>>>>   Allow transfer: none;
>>>>>   Allow PTR sync: TRUE
>>>>>
>>>> Hello,
>>>>
>>>> do you have --allow-sync-ptr=True configured in zones where the
>>>> particular
>>>> A/AAAA records are?
>>>>
>>>> SSSD is able to update records.
>>>> Please check if "dyndns_update" is set to true in sssd.conf. (man
>>>> sssd-ipa)

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
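
The reply above says a mass PTR update has to be scripted by hand. The following is an added example, not code from the thread or from the FreeIPA project: it maps forward A/AAAA records to the most specific existing reverse zone and prints the matching `ipa dnsrecord-add ... --ptr-rec=` commands without running them. The function name, the host names other than the `mydom.com` domain, and the sample addresses are constructed for illustration.

```python
import ipaddress
import shlex


def ptr_commands(records, reverse_zones):
    """Return (commands, unmatched) for a set of forward records.

    records: iterable of (fqdn, ip_string) taken from existing A/AAAA records.
    reverse_zones: names of the reverse zones already defined in IPA.
    """
    # Normalise zone names and try the most specific (longest) zone first.
    zones = sorted((z.rstrip(".").lower() for z in reverse_zones),
                   key=len, reverse=True)
    commands, unmatched = [], []
    for fqdn, ip in records:
        # e.g. 10.14.0.25 -> 25.0.14.10.in-addr.arpa (IPv6 gives ip6.arpa)
        rev = ipaddress.ip_address(ip).reverse_pointer
        zone = next((z for z in zones if rev.endswith("." + z)), None)
        if zone is None:
            # No reverse zone covers this address; report it, emit nothing.
            unmatched.append((fqdn, ip))
            continue
        label = rev[: -(len(zone) + 1)]      # record name relative to the zone
        target = fqdn.rstrip(".") + "."      # PTR target as an absolute name
        argv = ("ipa", "dnsrecord-add", zone + ".", label,
                "--ptr-rec=" + target)
        commands.append(" ".join(shlex.quote(a) for a in argv))
    return commands, unmatched


# Constructed sample input (not taken from the thread).
SAMPLE_RECORDS = [
    ("web01.mydom.com", "10.14.0.25"),
    ("db01.mydom.com.", "10.14.0.40"),
    ("lab07.mydom.com", "10.99.3.7"),   # no reverse zone defined for this one
]
SAMPLE_ZONES = ["0.14.10.in-addr.arpa."]

if __name__ == "__main__":
    cmds, missing = ptr_commands(SAMPLE_RECORDS, SAMPLE_ZONES)
    print("\n".join(cmds))
    for fqdn, ip in missing:
        print(f"# no reverse zone for {fqdn} ({ip})")
```

Review the printed commands before running them with an admin Kerberos ticket; addresses reported as unmatched need a reverse zone created first.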