Dear Alexander, Golden! We are in business - all puzzle pieces are in place so thank you very much for ongoing stamina with this. I'll write this all up so that someone else might take some value from it in the future.
Thank you again. Regards, Callum -- Callum Smith Research Computing Core Wellcome Trust Centre for Human Genetics University of Oxford e. cal...@well.ox.ac.uk<mailto:cal...@well.ox.ac.uk> On 13 Mar 2019, at 11:02, Alexander Bokovoy <aboko...@redhat.com<mailto:aboko...@redhat.com>> wrote: On ke, 13 maalis 2019, Callum Smith wrote: Dear Alexander, The last small wrinkle, setting the server options is fine and works well, but the DNS record creation still doesn't work. I see it queries the SOA record and then appears to use that as the server to send the changes to. I tried to set the SOA records for the virt.$domain realm, but it doesnt seem to overwrite the top-level SOA record: ipa dnszone-mod virt.in.bmrc.ox.ac.uk. --name-server ipa-a --admin-email ipa-a I note that admin-email appears to be the option that actually changes the record returned here, which was unexpected for me. There are three levels of overrides here: - /etc/named.conf can have 'fake_mname' defined - 'ipa dnsserver-*' commands allow to define per-server override with ipa dnsserver-mod <server> --soa-mname-override <some-server> - DNS zone SOA mname value If you have SOA mname overridden in the 'ipa dnsserver-show', it will override whatever is set in the zone. This is to allow DNS location specific updates to be localized to that location's DNS server. If you want to control it fully from the DNS zone settings, remove fake_mname from the /etc/named.conf and from the dnsserver's record: ipa dnsserver-mod <server> --soa-mname-override= (--soa-mname-override= sets it to empty value, meaning removal) --admin-email in the zone should not be affecting SOA mname at all. I suspect you saw it act conflated with the first two overrides. -- / Alexander Bokovoy Sr. Principal Software Engineer Security / Identity Management Engineering Red Hat Limited, Finland
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
