On 08/20/2015 02:22 PM, Martin Basti wrote:



On 08/20/2015 01:48 PM, David Dejaeghere wrote:
Hi,

I noticed that changing the authoritative nameserver in FreeIPA is reflected correctly in its directory data, but bind will not resolve the SOA record with the updated mname details.

For example I add a zone test.be and change the mname record.

[root@ns02 ~]# ipa dnszone-add
Zone name: test.be
  Zone name: test.be.
  Active zone: TRUE
  *Authoritative nameserver: ns02.tokiogroup.be.*
  Administrator e-mail address: hostmaster
  SOA serial: 1440070999
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  BIND update policy: grant TOKIOGROUP.BE krb5-self * A; grant TOKIOGROUP.BE krb5-self * AAAA; grant TOKIOGROUP.BE krb5-self * SSHFP;
  Dynamic update: FALSE
  Allow query: any;
  Allow transfer: none;
[root@ns02 ~]# ipa dnszone-mod --nameserver
anaconda-ks.cfg  .bash_logout     .bashrc .ipa/            .ssh/
.bash_history    .bash_profile    .cshrc .pki/            .tcshrc


[root@ns02 ~]# ipa dnszone-mod --name-server *ns7.tokiogroup.be*.
Zone name: test.be
ipa: WARNING: Semantic of setting Authoritative nameserver was changed. It is used only for setting the SOA MNAME attribute.
NS record(s) can be edited in zone apex - '@'.
  Zone name: test.be.
  Active zone: TRUE
  *Authoritative nameserver: ns7.tokiogroup.be.*
  Administrator e-mail address: hostmaster
  SOA serial: 1440071001
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  Allow query: any;
  Allow transfer: none;


[root@ns02 ~]# nslookup
> set q=SOA
> test.be
Server:         127.0.0.1
Address:        127.0.0.1#53

test.be
        *origin = ns02.tokiogroup.be*
        mail addr = hostmaster.test.be
        serial = 1440071001
        refresh = 3600
        retry = 900
        expire = 1209600
        minimum = 3600

As you can see the SOA record still shows the original default value.

Kind Regards,

David Dejaeghere



Thank you for this bug report.
I opened bind-dyndb-ldap ticket https://fedorahosted.org/bind-dyndb-ldap/ticket/159

Martin


I may have found why you have this issue.

Do you have fake_mname configured in the bind_dyndb_ldap section of named.conf?
If yes, then remove this option to use the SOA MNAME from LDAP.

Martin
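
Added example, not part of the original thread or of the FreeIPA/bind-dyndb-ldap code: a small checker that scans named.conf text for an active fake_mname setting and reports whether it masks the MNAME stored in LDAP. The sample configuration is constructed, and the two option spellings it accepts (`arg "fake_mname host.";` and `fake_mname "host.";`) are assumptions about how the plugin options are written.

```python
import re

# Constructed sample resembling a named.conf fragment; hostnames are taken
# from the thread, the layout and paths are assumptions.
SAMPLE_NAMED_CONF = '''
options {
    directory "/var/named";
};
// arg "fake_mname old.example.test.";   (commented out, must be ignored)
dynamic-db "ipa" {
    library "ldap.so";
    arg "base cn=dns,dc=tokiogroup,dc=be";
    arg "fake_mname ns02.tokiogroup.be.";
    /* arg "fake_mname disabled.example.test."; */
    arg "auth_method sasl";
};
'''

# Accepts the option inside an arg "..." string or as a bare statement
# with a quoted value (both spellings are assumptions, see lead-in).
_FAKE_MNAME = re.compile(r'\bfake_mname\s+"?([A-Za-z0-9._-]+)')

def strip_comments(text):
    """Blank out /* */, // and # comments; line numbers stay stable.
    A // inside a quoted string (e.g. a URI) only truncates that line."""
    blank = lambda m: re.sub(r'[^\n]', ' ', m.group())
    text = re.sub(r'/\*.*?\*/', blank, text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)

def find_fake_mname(conf_text):
    """Return [(line_number, hostname)] for every active fake_mname."""
    hits = []
    for lineno, line in enumerate(strip_comments(conf_text).splitlines(), 1):
        m = _FAKE_MNAME.search(line)
        if m:
            hits.append((lineno, m.group(1)))
    return hits

def normalize(name):
    """Compare DNS names without trailing dot and case differences."""
    return name.rstrip('.').lower()

def overridden_mname(conf_text, ldap_mname):
    """Return the fake_mname that differs from ldap_mname, or None."""
    for _, fake in find_fake_mname(conf_text):
        if normalize(fake) != normalize(ldap_mname):
            return fake
    return None

if __name__ == "__main__":
    print(find_fake_mname(SAMPLE_NAMED_CONF))
    print(overridden_mname(SAMPLE_NAMED_CONF, "ns7.tokiogroup.be."))
```
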