Thanks Petr. Can I assume that any fresh client added to the IDM domain is going to have both its forward and reverse records populated?
On Tue, Jul 14, 2015 at 1:10 PM, Petr Spacek <[email protected]> wrote:
> On 14.7.2015 10:28, Sina Owolabi wrote:
>> Thanks Martin
>>
>>
>> The expanded command shows all the output. Curiously, I still don't
>> see any reverse addresses yet except on the reverse domain for this
>> primary zone. I've restarted the IPA servers in hopes of a Windows-y
>> solution but it didn't help :-)
>
> SyncPTR does something only when the data change. I.e. it will do nothing if
> your A/AAAA records are up to date (even if clients send update).
>
> I'm afraid that there is no pre-made tool to do the mass update, sorry. You
> probably need to script something yourself.
>
> Petr^2 Spacek
>
>> output:
>> ipa dnszone-show mydom.com --all
>> dn: idnsname=mydom.com.,cn=dns,dc=mydom,dc=com
>> Zone name: mydom.com.
>> Active zone: TRUE
>> Authoritative nameserver: dc.mydom.com.
>> Administrator e-mail address: hostmaster.mydom.com.
>> SOA serial: 1436861122
>> SOA refresh: 3600
>> SOA retry: 900
>> SOA expire: 1209600
>> SOA minimum: 3600
>> BIND update policy: grant mydom.COM krb5-self * A; grant mydom.COM
>> krb5-self * AAAA; grant mydom.COM krb5-self * SSHFP;
>> Dynamic update: TRUE
>> Allow query: any;
>> Allow transfer: none;
>> Allow PTR sync: TRUE
>> arecord: pu.bl.ic.add
>> mxrecord: 0 mail.mydom.com.
>> nsrecord: dc02.mydom.com., dc01.mydom.com., dc.mydom.com.
>> objectclass: idnszone, top, idnsrecord
>>
>> On Tue, Jul 14, 2015 at 8:46 AM, Martin Basti <[email protected]> wrote:
>>> On 13/07/15 19:58, Sina Owolabi wrote:
>>>>
>>>> Hi Martin
>>>>
>>>> Yes all my sssd configs are set ipa_dyndns_update = True
>>>> I didn't have --allow-sync-ptr=TRUE in all the forward zones so I set
>>>> them.
>>>> I've tried to set it in the very first zone (setup during
>>>> installation) but dnszone-mod complains:
>>>>
>>>> # ipa dnszone-mod mydom.com --allow-sync-ptr=TRUE --dynamic-update=TRUE
>>>> ipa: ERROR: no modifications to be performed
>>>>
>>>> But I don't see it in the show command:
>>>>
>>>> ipa dnszone-show mydom.com
>>>> Zone name: mydom.com.
>>>> Active zone: TRUE
>>>> Authoritative nameserver: services.mydom.com.
>>>> Administrator e-mail address: hostmaster.mydom.com.
>>>> SOA serial: 1436799166
>>>> SOA refresh: 3600
>>>> SOA retry: 900
>>>> SOA expire: 1209600
>>>> SOA minimum: 3600
>>>> Allow query: any;
>>>> Allow transfer: none;
>>>
>>> You must use option --all
>>>
>>> ipa dnszone-show mydom.com --all
>>>
>>>
>>> Martin
>>>
>>>>
>>>> On Mon, Jul 13, 2015 at 11:20 AM, Martin Basti <[email protected]> wrote:
>>>>>
>>>>> On 12/07/15 10:05, Sina Owolabi wrote:
>>>>>>
>>>>>> Hi
>>>>>>
>>>>>> I have several dns zones defined in IPA. I noticed recently that the
>>>>>> zone files are empty. I find this odd because I created them like the
>>>>>> example below.
>>>>>> Is it possible to force clients to auto-update reverse zones?
>>>>>>
>>>>>> Thanks in advance!
>>>>>>
>>>>>> How I created all the zones:
>>>>>>
>>>>>> ipa dnszone-add 0.14.10.in-addr.arpa. --minimum=3000
>>>>>> --allow-sync-ptr=TRUE --dynamic-update
>>>>>> Zone name: 0.14.10.in-addr.arpa.
>>>>>> Active zone: TRUE
>>>>>> Authoritative nameserver: services.ourdomain.com.
>>>>>> Administrator e-mail address: hostmaster
>>>>>> SOA serial: 1436688202
>>>>>> SOA refresh: 3600
>>>>>> SOA retry: 900
>>>>>> SOA expire: 1209600
>>>>>> SOA minimum: 3000
>>>>>> BIND update policy: grant QRIOS.COM krb5-subdomain
>>>>>> 0.14.10.in-addr.arpa. PTR;
>>>>>> Dynamic update: TRUE
>>>>>> Allow query: any;
>>>>>> Allow transfer: none;
>>>>>> Allow PTR sync: TRUE
>>>>>>
>>>>> Hello,
>>>>>
>>>>> do you have --allow-sync-ptr=True configured in zones where the
>>>>> particular
>>>>> A/AAAA records are?
>>>>>
>>>>> SSSD is able to update records.
>>>>> Please check if "dyndns_update" is set to true in sssd.conf. (man
>>>>> sssd-ipa)
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
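
The thread notes that SyncPTR only acts when A/AAAA data changes and that a mass update has to be scripted. The following is an added example, not part of the thread and not FreeIPA tooling: it maps existing forward records to the most specific managed reverse zone and builds `ipa dnsrecord-add ... --ptr-rec=` commands for review. The function names and the sample hosts and addresses are assumptions made for illustration.

```python
import ipaddress

# Constructed sample input: the reverse zone is the one named in the thread,
# the host names and addresses are made up for illustration.
REVERSE_ZONES = ["0.14.10.in-addr.arpa."]
SAMPLE_A_RECORDS = [
    ("web01.mydom.com", "10.14.0.21"),
    ("db01.mydom.com.", "10.14.0.22"),
    ("lab.mydom.com", "192.0.2.7"),      # no reverse zone managed for this one
]

def _fqdn(name):
    """Lower-case a DNS name and make sure it ends with the root dot."""
    name = name.lower()
    return name if name.endswith(".") else name + "."

def reverse_zone_for(ip, reverse_zones):
    """Return (zone, relative_name) for the most specific managed reverse
    zone that contains ip, or None when no zone covers it."""
    ptr = _fqdn(ipaddress.ip_address(ip).reverse_pointer)
    best = None
    for zone in map(_fqdn, reverse_zones):
        # Match on a label boundary so 10.14.10.x never lands in 0.14.10.
        if ptr.endswith("." + zone) and (best is None or len(zone) > len(best)):
            best = zone
    if best is None:
        return None
    return best, ptr[: -len(best) - 1]

def ptr_commands(a_records, reverse_zones):
    """Build one `ipa dnsrecord-add` command per A/AAAA record.
    Returns (commands, skipped); nothing is executed."""
    commands, skipped = [], []
    for host, ip in a_records:
        match = reverse_zone_for(ip, reverse_zones)
        if match is None:
            skipped.append((host, ip))
            continue
        zone, name = match
        commands.append(f"ipa dnsrecord-add {zone} {name} --ptr-rec={_fqdn(host)}")
    return commands, skipped

if __name__ == "__main__":
    commands, skipped = ptr_commands(SAMPLE_A_RECORDS, REVERSE_ZONES)
    print("\n".join(commands))
    for host, ip in skipped:
        print(f"# skipped {host} ({ip}): no matching reverse zone")
```

The skipped list is worth reviewing before running anything: a host that falls outside every managed reverse zone will keep failing reverse lookups until that zone exists.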
