Thanks Martin
The expanded command shows all the output. Curiously, I still don't see any reverse addresses yet except on the reverse domain for this primary zone. Ive restarted the IPA servers in hopes of a Windows-y solution but it didn't help :-) output: ipa dnszone-show mydom.com --all dn: idnsname=mydom.com.,cn=dns,dc=mydom,dc=com Zone name: mydom.com. Active zone: TRUE Authoritative nameserver: dc.mydom.com. Administrator e-mail address: hostmaster.mydom.com. SOA serial: 1436861122 SOA refresh: 3600 SOA retry: 900 SOA expire: 1209600 SOA minimum: 3600 BIND update policy: grant mydom.COM krb5-self * A; grant mydom.COM krb5-self * AAAA; grant mydom.COM krb5-self * SSHFP; Dynamic update: TRUE Allow query: any; Allow transfer: none; Allow PTR sync: TRUE arecord: pu.bl.ic.add mxrecord: 0 mail.mydom.com. nsrecord: dc02.mydom.com., dc01.mydom.com., dc.mydom.com. objectclass: idnszone, top, idnsrecord On Tue, Jul 14, 2015 at 8:46 AM, Martin Basti <mba...@redhat.com> wrote: > On 13/07/15 19:58, Sina Owolabi wrote: >> >> Hi Martin >> >> Yes all my sssd configs are set ipa_dyndns_update = True >> I didn't have --allow-sync-ptr=TRUE in all the forward zones so I set >> them. >> I've tried to set it in the very first zone (setup during >> installation) but dnszone-mod complains: >> >> # ipa dnszone-mod mydom.com --allow-sync-ptr=TRUE --dynamic-update=TRUE >> ipa: ERROR: no modifications to be performed >> >> But I don't see it in the show command: >> >> ipa dnszone-show mydom.com >> Zone name: mydom.com. >> Active zone: TRUE >> Authoritative nameserver: services.mydom.com. >> Administrator e-mail address: hostmaster.mydom.com. >> SOA serial: 1436799166 >> SOA refresh: 3600 >> SOA retry: 900 >> SOA expire: 1209600 >> SOA minimum: 3600 >> Allow query: any; >> Allow transfer: none; > > You must use option --all > > ipa dnszone-show mydom.com --all > > > Martin > >> >> On Mon, Jul 13, 2015 at 11:20 AM, Martin Basti <mba...@redhat.com> wrote: >>> >>> On 12/07/15 10:05, Sina Owolabi wrote: >>>> >>>> Hi >>>> >>>> I have several dns zones defined in IPA. I noticed recently that the >>>> zone files are empty. I find this odd because I created them like the >>>> example below. >>>> Is it possible to force clients to auto-update reverse zones? >>>> >>>> Thanks in advance! >>>> >>>> How I created all the zones: >>>> >>>> ipa dnszone-add 0.14.10.in-addr.arpa. --minimum=3000 >>>> --allow-sync-ptr=TRUE --dynamic-update >>>> Zone name: 0.14.10.in-addr.arpa. >>>> Active zone: TRUE >>>> Authoritative nameserver: services.ourdomain.com. >>>> Administrator e-mail address: hostmaster >>>> SOA serial: 1436688202 >>>> SOA refresh: 3600 >>>> SOA retry: 900 >>>> SOA expire: 1209600 >>>> SOA minimum: 3000 >>>> BIND update policy: grant QRIOS.COM krb5-subdomain >>>> 0.14.10.in-addr.arpa. PTR; >>>> Dynamic update: TRUE >>>> Allow query: any; >>>> Allow transfer: none; >>>> Allow PTR sync: TRUE >>>> >>> Hello, >>> >>> do you have --allow-sync-ptr=True configured in zones where the >>> particular >>> A/AAAA records are? >>> >>> SSSD is able to update records. >>> Please check if "dyndns_update" is set to true in sssd.conf. (man >>> sssd-ipa) >>> >>> -- >>> Martin Basti >>> > > > -- > Martin Basti > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
