Re: [Freeipa-users] DNS / Allow PTR sync

2012-11-06 Thread Martin Kosek
On 11/06/2012 10:38 AM, Petr Spacek wrote:
> Hello Mike,
> 
> are you talking about IPA WebUI or CLI or DNS dynamic update mechanism? On
> which distribution and IPA version?
> 
> On 11/05/2012 10:35 PM, Michael Mercier wrote:
>> Hello,
>>
>> A couple of questions regarding DNS / Allow PTR sync.
>>
>> 1.  If you have a zone 'example.com' and you enable "Allow PTR sync", should
>> you also enable the option in the reverse zone (e.g. 168.192.in-addr.arpa.)?
> In webUI - just check the box "Create reverse" while adding a new A record.
> "Allow PTR sync" affects only DNS dynamic update.
> 
>> 2.  Do you have to wait a specified amount of time for the PTR record to be
>> removed after you remove a host?
> No, you don't. Change in webUI should be done immediately. For some time you
> can see old data on DNS clients because DNS caches all the data extensively.
> 
>>
>> e.g.
>>
>> 1.  Add 'testhost', 192.168.10.10 to 'example.com' (with Allow PTR sync
>> enabled on the zone) with 'Create reverse' enabled.
>> 2.  Remove 'testhost' from 'example.com'
>> 3.  Check 168.192.in-addr.arpa. zone and host 'testhost' still exists.

Did you have "Remove entries from DNS" checkbox checked when removing a host?
Alternatively, you would need to use --updatedns option if you were running it
via CLI.

If yes, then please file a ticket as Petr suggested.

Thank you,
Martin

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


Re: [Freeipa-users] DNS / Allow PTR sync

2012-11-06 Thread Petr Spacek

Hello Mike,

are you talking about IPA WebUI or CLI or DNS dynamic update mechanism? On 
which distribution and IPA version?


On 11/05/2012 10:35 PM, Michael Mercier wrote:
> Hello,
>
> A couple of questions regarding DNS / Allow PTR sync.
>
> 1.  If you have a zone 'example.com' and you enable "Allow PTR sync", should
> you also enable the option in the reverse zone (e.g. 168.192.in-addr.arpa.)?

In webUI - just check the box "Create reverse" while adding a new A record.
"Allow PTR sync" affects only DNS dynamic update.

> 2.  Do you have to wait a specified amount of time for the PTR record to be
> removed after you remove a host?

No, you don't. Change in webUI should be done immediately. For some time you
can see old data on DNS clients because DNS caches all the data extensively.

> e.g.
>
> 1.  Add 'testhost', 192.168.10.10 to 'example.com' (with Allow PTR sync enabled
> on the zone) with 'Create reverse' enabled.
> 2.  Remove 'testhost' from 'example.com'
> 3.  Check 168.192.in-addr.arpa. zone and host 'testhost' still exists.

Seems like a bug to me, please file a ticket:
https://fedorahosted.org/freeipa/newticket

You will be prompted for Fedora account, registration link is:
https://admin.fedoraproject.org/accounts/user/new



Also, please note limitations of syncPTR on DNS server - it affects DNS
dynamic updates:

* If the change was made through IPA CLI/WebUI/LDAP directly - it does nothing
in any case.

* If idnsAllowSyncPTR = true and any A or AAAA record was changed through DNS
dynamic update mechanism - PTR is automatically updated.

* Change is synchronized only if reverse zone is part of LDAP and has dynamic
updates allowed (idnsAllowDynUpdate = TRUE).

* Enabling idnsAllowSyncPTR will not affect existing records as long as they
are not updated through DNS dynamic updates.


--
Petr^2 Spacek

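The four syncPTR rules in the reply above, together with the "Remove entries from DNS" / `ipa host-del --updatedns` point raised earlier in the thread, can be walked through on a small in-memory model. The block below is an added example written for this page; it is not bind-dyndb-ldap or FreeIPA code and does not talk to an IPA server. Zone objects stand in for the LDAP zone entries, the two boolean fields mirror idnsAllowDynUpdate and idnsAllowSyncPTR, and the `via` argument separates a DNS dynamic update from a change made through the CLI/WebUI/LDAP. The zone names, the `testhost` / 192.168.10.10 data and the "dynamic" / "ldap" labels are taken from or assumed for the thread's scenario; `remove_host` assumes `--updatedns` removes the host's address records and the PTR that points back at it.

```python
"""Model of the syncPTR rules from the reply above (constructed example, not
bind-dyndb-ldap or FreeIPA code). Zone objects stand in for LDAP zone entries."""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Zone:
    name: str                       # FQDN with trailing dot, e.g. "example.com."
    allow_dyn_update: bool = False  # idnsAllowDynUpdate
    allow_sync_ptr: bool = False    # idnsAllowSyncPTR
    records: dict = field(default_factory=dict)  # owner name -> (type, rdata)


def reverse_name(ip: str) -> str:
    """PTR owner name for an IPv4/IPv6 address,
    e.g. 192.168.10.10 -> 10.10.168.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def zone_for(name: str, zones: list) -> "Zone | None":
    """Longest-suffix match: the LDAP-managed zone that owns `name`, or None."""
    best = None
    for z in zones:
        if name == z.name or name.endswith("." + z.name):
            if best is None or len(z.name) > len(best.name):
                best = z
    return best


def update_address(zones, fwd: Zone, host: str, ip: str, via: str) -> str:
    """Add or replace host's A/AAAA record in `fwd`; via is "dynamic"
    (nsupdate, DHCP) or "ldap" (CLI, WebUI, direct LDAP write).
    Returns a one-line explanation of what happened to the PTR."""
    owner = f"{host}.{fwd.name}"
    rtype = "AAAA" if ipaddress.ip_address(ip).version == 6 else "A"
    fwd.records[owner] = (rtype, ip)
    ptr_owner = reverse_name(ip)
    rev = zone_for(ptr_owner, zones)
    if via != "dynamic":                 # rule 1: CLI/WebUI/LDAP changes are never synced
        return "no PTR sync: change came through CLI/WebUI/LDAP"
    if not fwd.allow_sync_ptr:           # rule 2 needs idnsAllowSyncPTR on the forward zone
        return f"no PTR sync: idnsAllowSyncPTR is FALSE on {fwd.name}"
    if rev is None:                      # rule 3: reverse zone must live in LDAP ...
        return f"no PTR sync: no LDAP zone for {ptr_owner}"
    if not rev.allow_dyn_update:         # ... and must accept dynamic updates
        return f"no PTR sync: idnsAllowDynUpdate is FALSE on {rev.name}"
    rev.records[ptr_owner] = ("PTR", owner)
    return f"PTR {ptr_owner} -> {owner} written to {rev.name}"


def ptr_target(zones, ip: str) -> "str | None":
    """What `dig -x ip` against the LDAP data would answer (None = NXDOMAIN)."""
    ptr_owner = reverse_name(ip)
    rev = zone_for(ptr_owner, zones)
    if rev is None or ptr_owner not in rev.records:
        return None
    return rev.records[ptr_owner][1]


def remove_host(zones, fwd: Zone, host: str, updatedns: bool) -> None:
    """Delete the host's address record; with updatedns=True (assumed to model
    the WebUI "Remove entries from DNS" box / `ipa host-del --updatedns`) also
    delete the PTR pointing back at the host. Without it the PTR is left behind."""
    owner = f"{host}.{fwd.name}"
    rec = fwd.records.pop(owner, None)
    if rec is None or not updatedns:
        return
    ptr_owner = reverse_name(rec[1])
    rev = zone_for(ptr_owner, zones)
    if rev is not None and rev.records.get(ptr_owner) == ("PTR", owner):
        rev.records.pop(ptr_owner)


def thread_scenario():
    """Mike's setup: example.com with syncPTR on, 168.192.in-addr.arpa. in LDAP."""
    fwd = Zone("example.com.", allow_dyn_update=True, allow_sync_ptr=True)
    rev = Zone("168.192.in-addr.arpa.", allow_dyn_update=True)
    return [fwd, rev], fwd, rev


if __name__ == "__main__":
    zones, fwd, rev = thread_scenario()
    # Added through WebUI/CLI: syncPTR does nothing, "Create reverse" is what writes the PTR.
    print(update_address(zones, fwd, "testhost", "192.168.10.10", via="ldap"))
    # The same change arriving as a DNS dynamic update: PTR is written.
    print(update_address(zones, fwd, "testhost", "192.168.10.10", via="dynamic"))
    print("PTR:", ptr_target(zones, "192.168.10.10"))
    remove_host(zones, fwd, "testhost", updatedns=False)
    print("PTR after host-del without --updatedns:", ptr_target(zones, "192.168.10.10"))
```

The last two lines of the `__main__` section reproduce Mike's observation: deleting the host without "Remove entries from DNS" leaves the PTR in 168.192.in-addr.arpa., and syncPTR will not clean it up because the delete did not arrive as a dynamic update.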


Re: [Freeipa-users] DNS / Allow PTR sync

2012-11-05 Thread Dmitri Pal
On 11/05/2012 04:35 PM, Michael Mercier wrote:
> Hello,
>
> A couple of questions regarding DNS / Allow PTR sync.
>
> 1.  If you have a zone 'example.com' and you enable "Allow PTR sync", should 
> you also enable the option in the reverse zone (e.g. 168.192.in-addr.arpa.)?
> 2.  Do you have to wait a specified amount of time for the PTR record to be 
> removed after you remove a host?
>
> e.g.
>
> 1.  Add 'testhost', 192.168.10.10 to 'example.com' (with Allow PTR sync 
> enabled on the zone) with 'Create reverse' enabled.
> 2.  Remove 'testhost' from 'example.com'
> 3.  Check 168.192.in-addr.arpa. zone and host 'testhost' still exists.

Which version are you using?

Do you use

#ipa host-del --updatedns

when deleting the host?

>
> Thanks,
> Mike
>


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.


---
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/


