Hi,

I noticed that changing the authoritative nameserver in FreeIPA reflects
correctly to its directory data but bind will not resolve the soa record
with the updated mname details.

For example, I add a zone test.be and change the mname record.

[root@ns02 ~]# ipa dnszone-add
Zone name: test.be
  Zone name: test.be.
  Active zone: TRUE
  Authoritative nameserver: ns02.tokiogroup.be.
  Administrator e-mail address: hostmaster
  SOA serial: 1440070999
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  BIND update policy: grant TOKIOGROUP.BE krb5-self * A; grant TOKIOGROUP.BE
krb5-self * AAAA; grant TOKIOGROUP.BE krb5-self *
                      SSHFP;
  Dynamic update: FALSE
  Allow query: any;
  Allow transfer: none;
[root@ns02 ~]# ipa dnszone-mod --nameserver
anaconda-ks.cfg  .bash_logout     .bashrc          .ipa/            .ssh/
.bash_history    .bash_profile    .cshrc           .pki/            .tcshrc


[root@ns02 ~]# ipa dnszone-mod --name-server ns7.tokiogroup.be.
Zone name: test.be
ipa: WARNING: Semantic of setting Authoritative nameserver was changed. It
is used only for setting the SOA MNAME attribute.
NS record(s) can be edited in zone apex - '@'.
  Zone name: test.be.
  Active zone: TRUE
  Authoritative nameserver: ns7.tokiogroup.be.
  Administrator e-mail address: hostmaster
  SOA serial: 1440071001
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  Allow query: any;
  Allow transfer: none;


[root@ns02 ~]# nslookup
> set q=SOA
> test.be
Server:         127.0.0.1
Address:        127.0.0.1#53

test.be
        origin = ns02.tokiogroup.be
        mail addr = hostmaster.test.be
        serial = 1440071001
        refresh = 3600
        retry = 900
        expire = 1209600
        minimum = 3600

As you can see the SOA record still shows the original default value.

Kind Regards,

David Dejaeghere