confirmed working. Does this default value make any sense if this value is changeable in the UI and using the IPA client?
Kind Regards,
David

2015-08-20 14:38 GMT+02:00 Martin Basti <mba...@redhat.com>:

> On 08/20/2015 02:35 PM, David Dejaeghere wrote:
>
> Aha,
>
> Correct. But I never set this. This option seems to be set by default.
> I verified this issue on multiple installs. It seems they all have this
> option set by default?
>
> Can I safely change named.conf without fearing my modifications will be
> lost on an update?
>
> Kind Regards,
>
> David
>
> (Adding freeipa-users back)
>
> I checked code, it is default.
>
> You can change named.conf, upgrade will not replace it.
>
> Martin
>
> 2015-08-20 14:32 GMT+02:00 Martin Basti <mba...@redhat.com>:
>
>> On 08/20/2015 02:22 PM, Martin Basti wrote:
>>
>> On 08/20/2015 01:48 PM, David Dejaeghere wrote:
>>
>> Hi,
>>
>> I noticed that changing the authoritative nameserver in FreeIPA reflects
>> correctly to its directory data but bind will not resolve the soa record
>> with the updated mname details.
>>
>> For example I add a zone test.be and change the mname record.
>>
>> [root@ns02 ~]# ipa dnszone-add
>> Zone name: test.be
>>   Zone name: test.be.
>>   Active zone: TRUE
>>   Authoritative nameserver: ns02.tokiogroup.be.
>>   Administrator e-mail address: hostmaster
>>   SOA serial: 1440070999
>>   SOA refresh: 3600
>>   SOA retry: 900
>>   SOA expire: 1209600
>>   SOA minimum: 3600
>>   BIND update policy: grant TOKIOGROUP.BE krb5-self * A; grant TOKIOGROUP.BE krb5-self * AAAA; grant TOKIOGROUP.BE krb5-self * SSHFP;
>>   Dynamic update: FALSE
>>   Allow query: any;
>>   Allow transfer: none;
>> [root@ns02 ~]# ipa dnszone-mod --nameserver
>> anaconda-ks.cfg  .bash_logout  .bashrc  .ipa/  .ssh/
>> .bash_history  .bash_profile  .cshrc  .pki/
>> .tcshrc
>>
>> [root@ns02 ~]# ipa dnszone-mod --name-server ns7.tokiogroup.be.
>> Zone name: test.be
>> ipa: WARNING: Semantic of setting Authoritative nameserver was changed.
>> It is used only for setting the SOA MNAME attribute.
>> NS record(s) can be edited in zone apex - '@'.
>>   Zone name: test.be.
>>   Active zone: TRUE
>>   Authoritative nameserver: ns7.tokiogroup.be.
>>   Administrator e-mail address: hostmaster
>>   SOA serial: 1440071001
>>   SOA refresh: 3600
>>   SOA retry: 900
>>   SOA expire: 1209600
>>   SOA minimum: 3600
>>   Allow query: any;
>>   Allow transfer: none;
>>
>> [root@ns02 ~]# nslookup
>> > set q=SOA
>> > test.be
>> Server: 127.0.0.1
>> Address: 127.0.0.1#53
>>
>> test.be
>>         origin = ns02.tokiogroup.be
>>         mail addr = hostmaster.test.be
>>         serial = 1440071001
>>         refresh = 3600
>>         retry = 900
>>         expire = 1209600
>>         minimum = 3600
>>
>> As you can see the SOA record still shows the original default value.
>>
>> Kind Regards,
>>
>> David Dejaeghere
>>
>> Thank you for this bug report.
>> I opened bind-dyndb-ldap ticket
>> https://fedorahosted.org/bind-dyndb-ldap/ticket/159
>>
>> Martin
>>
>> I may have found why you have this issue,
>>
>> do you have fake_mname configured in the bind_dyndb_ldap section of
>> named.conf?
>> If yes, then remove this option to use the SOA MNAME from LDAP.
>>
>> Martin
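
The check Martin suggests can be scripted. The following is an added example, not part of the original thread and not FreeIPA or bind-dyndb-ldap code: it looks for an active fake_mname in named.conf and tells whether that explains an SOA MNAME that differs from the value stored in LDAP. The named.conf excerpt is constructed, the `dynamic-db`/`arg` layout and the fake_mname value in it are assumptions, and the function names are hypothetical.

```python
import re

# Constructed named.conf excerpt; the dynamic-db/arg layout is an assumption.
SAMPLE_NAMED_CONF = '''
options { directory "/var/named"; };
dynamic-db "ipa" {
    library "ldap.so";
    arg "uri ldapi://%2fvar%2frun%2fslapd-TOKIOGROUP-BE.socket";
    # arg "fake_mname old.tokiogroup.be.";
    arg "fake_mname ns02.tokiogroup.be.";
    arg "auth_method sasl";
};
'''

# Match quoted strings first so "//" inside a URI is not taken for a comment.
_STRING_OR_COMMENT = re.compile(r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
# Accepts arg "fake_mname NAME" and the fake_mname "NAME"; form (both assumed).
_FAKE_MNAME = re.compile(r'(?:\barg\s+"\s*)?\bfake_mname\s+"?([^\s";]+)')


def strip_comments(conf_text):
    """Remove #, // and /* */ comments but keep quoted strings intact."""
    keep = lambda m: m.group(0) if m.group(0).startswith('"') else ''
    return _STRING_OR_COMMENT.sub(keep, conf_text)


def find_fake_mname(conf_text):
    """Return the active fake_mname value, or None when the option is unset."""
    m = _FAKE_MNAME.search(strip_comments(conf_text))
    return m.group(1) if m else None


def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.strip().rstrip('.').lower()


def diagnose(conf_text, ldap_mname, served_mname):
    """Explain why the SOA MNAME served by BIND differs from the one in LDAP."""
    if norm(ldap_mname) == norm(served_mname):
        return "ok"
    fake = find_fake_mname(conf_text)
    if fake and norm(fake) == norm(served_mname):
        return "overridden-by-fake_mname"
    return "mismatch-other-cause"


if __name__ == "__main__":
    # Values from the thread: LDAP holds ns7, nslookup still shows ns02.
    print(diagnose(SAMPLE_NAMED_CONF, "ns7.tokiogroup.be.", "ns02.tokiogroup.be"))
```
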