Re: [Freeipa-users] Force IPA client Reverse Zone Dynamic Updates
I restarted network services on the host, then I restarted sssd again.
The record appeared!

On Tue, Jul 14, 2015 at 3:50 PM, Sina Owolabi wrote:
> I removed the A record and restarted SSSD.
> The DNS record did not update.
>
> On Tue, Jul 14, 2015 at 2:20 PM, Martin Basti wrote:
>> Can you try to restart SSSD, or to remove the A record and then restart SSSD
>> on the particular host?
>>
>> --
>> Martin Basti

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Force IPA client Reverse Zone Dynamic Updates
On 14/07/15 16:52, Sina Owolabi wrote:
> I restarted network services on the host, then I restarted sssd again.
> The record appeared!

Great :)

--
Martin Basti
Re: [Freeipa-users] Force IPA client Reverse Zone Dynamic Updates
I removed the A record and restarted SSSD.
The DNS record did not update.

On Tue, Jul 14, 2015 at 2:20 PM, Martin Basti wrote:
> Can you try to restart SSSD, or to remove the A record and then restart SSSD
> on the particular host?
>
> --
> Martin Basti
Re: [Freeipa-users] Force IPA client Reverse Zone Dynamic Updates
On 13/07/15 19:58, Sina Owolabi wrote:
> Hi Martin
>
> Yes all my sssd configs are set ipa_dyndns_update = True
> I didn't have --allow-sync-ptr=TRUE in all the forward zones so I set
> them.
> I've tried to set it in the very first zone (setup during
> installation) but dnszone-mod complains:
>
> # ipa dnszone-mod mydom.com --allow-sync-ptr=TRUE --dynamic-update=TRUE
> ipa: ERROR: no modifications to be performed
>
> But I don't see it in the show command:
>
> ipa dnszone-show mydom.com
>   Zone name: mydom.com.
>   Active zone: TRUE
>   Authoritative nameserver: services.mydom.com.
>   Administrator e-mail address: hostmaster.mydom.com.
>   SOA serial: 1436799166
>   SOA refresh: 3600
>   SOA retry: 900
>   SOA expire: 1209600
>   SOA minimum: 3600
>   Allow query: any;
>   Allow transfer: none;

Can you try to restart SSSD, or to remove the A record and then restart SSSD
on the particular host?

--
Martin Basti
Re: [Freeipa-users] Force IPA client Reverse Zone Dynamic Updates
Thank you again.
The configuration does conform.

On Tue, Jul 14, 2015 at 1:47 PM, Petr Spacek wrote:
> On 14.7.2015 14:44, Sina Owolabi wrote:
>> Thanks Petr.
>>
>> Can I assume that any fresh clients added to the IDM domain, is going
>> to have both its forward and reverse records populated?
>
> Yes, as long as your configuration conforms with
> https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/SyncPTR
>
> Please let us know if you encounter any problems.
>
> Petr^2 Spacek
Re: [Freeipa-users] Force IPA client Reverse Zone Dynamic Updates
On 14.7.2015 14:44, Sina Owolabi wrote:
> Thanks Petr.
>
> Can I assume that any fresh clients added to the IDM domain, is going
> to have both its forward and reverse records populated?

Yes, as long as your configuration conforms with
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/SyncPTR

Please let us know if you encounter any problems.

Petr^2 Spacek
Re: [Freeipa-users] Force IPA client Reverse Zone Dynamic Updates
Thanks Petr.

Can I assume that any fresh clients added to the IDM domain, is going
to have both its forward and reverse records populated?

On Tue, Jul 14, 2015 at 1:10 PM, Petr Spacek wrote:
> On 14.7.2015 10:28, Sina Owolabi wrote:
>> Thanks Martin
>>
>> The expanded command shows all the output. Curiously, I still don't
>> see any reverse addresses yet except on the reverse domain for this
>> primary zone. I've restarted the IPA servers in hopes of a Windows-y
>> solution but it didn't help :-)
>
> SyncPTR does something only when the data change. I.e. it will do nothing if
> your A/ records are up to date (even if clients send update).
>
> I'm afraid that there is no pre-made tool to do the mass update, sorry. You
> probably need to script something yourself.
>
> Petr^2 Spacek
Re: [Freeipa-users] Force IPA client Reverse Zone Dynamic Updates
On 14.7.2015 10:28, Sina Owolabi wrote:
> Thanks Martin
>
> The expanded command shows all the output. Curiously, I still don't
> see any reverse addresses yet except on the reverse domain for this
> primary zone. I've restarted the IPA servers in hopes of a Windows-y
> solution but it didn't help :-)

SyncPTR does something only when the data change. I.e. it will do nothing if
your A/ records are up to date (even if clients send update).

I'm afraid that there is no pre-made tool to do the mass update, sorry. You
probably need to script something yourself.

Petr^2 Spacek
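An added example, not part of the original thread and not FreeIPA code: one way to script the mass update mentioned in the message above, given that SyncPTR only acts when the forward data changes. It compares forward records with existing PTR records and returns the `ipa dnsrecord-add` commands for the missing ones; the function names, host names and addresses are constructed for illustration, and the record lists are assumed to have been exported beforehand.

```python
"""Plan the PTR records missing from IPA-managed reverse zones (added example)."""
import ipaddress
import shlex

# Constructed sample data: the reverse zone name is the one from the thread,
# host names and addresses are invented for illustration.
SAMPLE_ZONES = ["0.14.10.in-addr.arpa."]
SAMPLE_A = [
    ("web01.mydom.com.", "10.14.0.5"),   # no PTR yet
    ("db01.mydom.com.", "10.14.0.6"),    # PTR already correct
    ("old.mydom.com.", "10.14.0.7"),     # PTR points at another name
    ("lab.mydom.com.", "192.0.2.9"),     # no managed reverse zone covers it
]
SAMPLE_PTR = {
    "6.0.14.10.in-addr.arpa.": "db01.mydom.com.",
    "7.0.14.10.in-addr.arpa.": "retired.mydom.com.",
}


def _norm(name):
    """Case-insensitive DNS name comparison key, without the trailing dot."""
    return name.lower().rstrip(".")


def reverse_name(ip):
    """Absolute reverse-lookup name for an IPv4 or IPv6 address."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def split_in_zone(fqdn, zones):
    """Return (zone, relative label) for the most specific zone, or None."""
    best = None
    for zone in zones:
        z = _norm(zone) + "."
        if fqdn.lower().endswith("." + z) and (best is None or len(z) > len(best)):
            best = z
    if best is None:
        return None
    return best, fqdn[: -len(best) - 1]


def plan_ptr_sync(a_records, ptr_records, reverse_zones):
    """Compare forward and reverse data.

    a_records:     iterable of (host FQDN, IP address) pairs
    ptr_records:   dict mapping absolute reverse name -> PTR target FQDN
    reverse_zones: reverse zones the IPA DNS server is authoritative for
    Returns (commands, conflicts, unmanaged):
      commands  - ipa CLI lines that would add each missing PTR
      conflicts - (reverse name, existing target, wanted target) to review by hand
      unmanaged - (host, ip) pairs with no matching reverse zone
    """
    known = dict(ptr_records)  # copy, so planned additions are tracked too
    commands, conflicts, unmanaged = [], [], []
    for host, ip in sorted(a_records):
        rname = reverse_name(ip)
        located = split_in_zone(rname, reverse_zones)
        if located is None:
            unmanaged.append((host, ip))
            continue
        zone, label = located
        current = known.get(rname)
        if current is None:
            # Names come from dynamically updated DNS data: quote them for the shell.
            commands.append(
                "ipa dnsrecord-add %s %s --ptr-rec=%s"
                % (shlex.quote(zone), shlex.quote(label), shlex.quote(host))
            )
            known[rname] = host
        elif _norm(current) != _norm(host):
            # A stale or shared PTR is never overwritten automatically.
            conflicts.append((rname, current, host))
    return commands, conflicts, unmanaged


if __name__ == "__main__":
    cmds, conflicts, unmanaged = plan_ptr_sync(SAMPLE_A, SAMPLE_PTR, SAMPLE_ZONES)
    for line in cmds:
        print(line)
    for rname, have, want in conflicts:
        print("# review: %s -> %s (forward data says %s)" % (rname, have, want))
    for host, ip in unmanaged:
        print("# no managed reverse zone for %s (%s)" % (ip, host))
```

The script only prints commands; conflicting PTR records are reported rather than changed, since a reverse record that names the wrong host misattributes log entries and should be resolved by an administrator.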
Re: [Freeipa-users] Force IPA client Reverse Zone Dynamic Updates
Thanks Martin

The expanded command shows all the output. Curiously, I still don't
see any reverse addresses yet except on the reverse domain for this
primary zone. I've restarted the IPA servers in hopes of a Windows-y
solution but it didn't help :-)

output:
ipa dnszone-show mydom.com --all
  dn: idnsname=mydom.com.,cn=dns,dc=mydom,dc=com
  Zone name: mydom.com.
  Active zone: TRUE
  Authoritative nameserver: dc.mydom.com.
  Administrator e-mail address: hostmaster.mydom.com.
  SOA serial: 1436861122
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  BIND update policy: grant mydom.COM krb5-self * A; grant mydom.COM krb5-self * ; grant mydom.COM krb5-self * SSHFP;
  Dynamic update: TRUE
  Allow query: any;
  Allow transfer: none;
  Allow PTR sync: TRUE
  arecord: pu.bl.ic.add
  mxrecord: 0 mail.mydom.com.
  nsrecord: dc02.mydom.com., dc01.mydom.com., dc.mydom.com.
  objectclass: idnszone, top, idnsrecord

On Tue, Jul 14, 2015 at 8:46 AM, Martin Basti wrote:
> You must use option --all
>
> ipa dnszone-show mydom.com --all
>
> Martin
Re: [Freeipa-users] Force IPA client Reverse Zone Dynamic Updates
On 13/07/15 19:58, Sina Owolabi wrote:
> Hi Martin
>
> Yes all my sssd configs are set ipa_dyndns_update = True
> I didn't have --allow-sync-ptr=TRUE in all the forward zones so I set
> them.
> I've tried to set it in the very first zone (setup during
> installation) but dnszone-mod complains:
>
> # ipa dnszone-mod mydom.com --allow-sync-ptr=TRUE --dynamic-update=TRUE
> ipa: ERROR: no modifications to be performed
>
> But I don't see it in the show command:
>
> ipa dnszone-show mydom.com
>   Zone name: mydom.com.
>   Active zone: TRUE
>   Authoritative nameserver: services.mydom.com.
>   Administrator e-mail address: hostmaster.mydom.com.
>   SOA serial: 1436799166
>   SOA refresh: 3600
>   SOA retry: 900
>   SOA expire: 1209600
>   SOA minimum: 3600
>   Allow query: any;
>   Allow transfer: none;

You must use option --all

ipa dnszone-show mydom.com --all

Martin

--
Martin Basti
Re: [Freeipa-users] Force IPA client Reverse Zone Dynamic Updates
Hi Martin

Yes all my sssd configs are set ipa_dyndns_update = True
I didn't have --allow-sync-ptr=TRUE in all the forward zones so I set
them.
I've tried to set it in the very first zone (setup during
installation) but dnszone-mod complains:

# ipa dnszone-mod mydom.com --allow-sync-ptr=TRUE --dynamic-update=TRUE
ipa: ERROR: no modifications to be performed

But I don't see it in the show command:

ipa dnszone-show mydom.com
  Zone name: mydom.com.
  Active zone: TRUE
  Authoritative nameserver: services.mydom.com.
  Administrator e-mail address: hostmaster.mydom.com.
  SOA serial: 1436799166
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  Allow query: any;
  Allow transfer: none;

On Mon, Jul 13, 2015 at 11:20 AM, Martin Basti wrote:
> Hello,
>
> do you have --allow-sync-ptr=True configured in zones where the particular
> A/ records are?
>
> SSSD is able to update records.
> Please check if "dyndns_update" is set to true in sssd.conf. (man sssd-ipa)
>
> --
> Martin Basti
Re: [Freeipa-users] Force IPA client Reverse Zone Dynamic Updates
On 12/07/15 10:05, Sina Owolabi wrote:
> Hi
>
> I have several dns zones defined in IPA. I noticed recently that the
> zone files are empty. I find this odd because I created them like the
> example below.
> Is it possible to force clients to auto-update reverse zones?
>
> Thanks in advance!
>
> How I created all the zones:
>
> ipa dnszone-add 0.14.10.in-addr.arpa. --minimum=3000 --allow-sync-ptr=TRUE --dynamic-update
>   Zone name: 0.14.10.in-addr.arpa.
>   Active zone: TRUE
>   Authoritative nameserver: services.ourdomain.com.
>   Administrator e-mail address: hostmaster
>   SOA serial: 1436688202
>   SOA refresh: 3600
>   SOA retry: 900
>   SOA expire: 1209600
>   SOA minimum: 3000
>   BIND update policy: grant QRIOS.COM krb5-subdomain 0.14.10.in-addr.arpa. PTR;
>   Dynamic update: TRUE
>   Allow query: any;
>   Allow transfer: none;
>   Allow PTR sync: TRUE

Hello,

do you have --allow-sync-ptr=True configured in zones where the particular
A/ records are?

SSSD is able to update records.
Please check if "dyndns_update" is set to true in sssd.conf. (man sssd-ipa)

--
Martin Basti