On 14.7.2015 14:44, Sina Owolabi wrote:
> Thanks Petr.
>
> Can I assume that any fresh clients added to the IDM domain, is going
> to have both its forward and reverse records populated?

Yes, as long as your configuration conforms with
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/SyncPTR

Please let us know if you encounter any problems.

Petr^2 Spacek

> On Tue, Jul 14, 2015 at 1:10 PM, Petr Spacek <pspa...@redhat.com> wrote:
>> On 14.7.2015 10:28, Sina Owolabi wrote:
>>> Thanks Martin
>>>
>>>
>>> The expanded command shows all the output. Curiously, I still don't
>>> see any reverse addresses yet except on the reverse domain for this
>>> primary zone. I've restarted the IPA servers in hopes of a Windows-y
>>> solution but it didn't help :-)
>>
>> SyncPTR does something only when the data change. I.e. it will do nothing if
>> your A/AAAA records are up to date (even if clients send update).
>>
>> I'm afraid that there is no pre-made tool to do the mass update, sorry. You
>> probably need to script something yourself.
>>
>> Petr^2 Spacek
>>
>>> output:
>>> ipa dnszone-show mydom.com --all
>>>   dn: idnsname=mydom.com.,cn=dns,dc=mydom,dc=com
>>>   Zone name: mydom.com.
>>>   Active zone: TRUE
>>>   Authoritative nameserver: dc.mydom.com.
>>>   Administrator e-mail address: hostmaster.mydom.com.
>>>   SOA serial: 1436861122
>>>   SOA refresh: 3600
>>>   SOA retry: 900
>>>   SOA expire: 1209600
>>>   SOA minimum: 3600
>>>   BIND update policy: grant mydom.COM krb5-self * A; grant mydom.COM
>>> krb5-self * AAAA; grant mydom.COM krb5-self * SSHFP;
>>>   Dynamic update: TRUE
>>>   Allow query: any;
>>>   Allow transfer: none;
>>>   Allow PTR sync: TRUE
>>>   arecord: pu.bl.ic.add
>>>   mxrecord: 0 mail.mydom.com.
>>>   nsrecord: dc02.mydom.com., dc01.mydom.com., dc.mydom.com.
>>>   objectclass: idnszone, top, idnsrecord
>>>
>>> On Tue, Jul 14, 2015 at 8:46 AM, Martin Basti <mba...@redhat.com> wrote:
>>>> On 13/07/15 19:58, Sina Owolabi wrote:
>>>>>
>>>>> Hi Martin
>>>>>
>>>>> Yes all my sssd configs are set ipa_dyndns_update = True
>>>>> I didn't have --allow-sync-ptr=TRUE in all the forward zones so I set
>>>>> them.
>>>>> I've tried to set it in the very first zone (setup during
>>>>> installation) but dnszone-mod complains:
>>>>>
>>>>> # ipa dnszone-mod mydom.com --allow-sync-ptr=TRUE --dynamic-update=TRUE
>>>>> ipa: ERROR: no modifications to be performed
>>>>>
>>>>> But I don't see it in the show command:
>>>>>
>>>>> ipa dnszone-show mydom.com
>>>>>   Zone name: mydom.com.
>>>>>   Active zone: TRUE
>>>>>   Authoritative nameserver: services.mydom.com.
>>>>>   Administrator e-mail address: hostmaster.mydom.com.
>>>>>   SOA serial: 1436799166
>>>>>   SOA refresh: 3600
>>>>>   SOA retry: 900
>>>>>   SOA expire: 1209600
>>>>>   SOA minimum: 3600
>>>>>   Allow query: any;
>>>>>   Allow transfer: none;
>>>>
>>>> You must use option --all
>>>>
>>>> ipa dnszone-show mydom.com --all
>>>>
>>>>
>>>> Martin
>>>>
>>>>>
>>>>> On Mon, Jul 13, 2015 at 11:20 AM, Martin Basti <mba...@redhat.com> wrote:
>>>>>>
>>>>>> On 12/07/15 10:05, Sina Owolabi wrote:
>>>>>>>
>>>>>>> Hi
>>>>>>>
>>>>>>> I have several dns zones defined in IPA. I noticed recently that the
>>>>>>> zone files are empty. I find this odd because I created them like the
>>>>>>> example below.
>>>>>>> Is it possible to force clients to auto-update reverse zones?
>>>>>>>
>>>>>>> Thanks in advance!
>>>>>>>
>>>>>>> How I created all the zones:
>>>>>>>
>>>>>>> ipa dnszone-add 0.14.10.in-addr.arpa. --minimum=3000
>>>>>>> --allow-sync-ptr=TRUE --dynamic-update
>>>>>>>   Zone name: 0.14.10.in-addr.arpa.
>>>>>>>   Active zone: TRUE
>>>>>>>   Authoritative nameserver: services.ourdomain.com.
>>>>>>>   Administrator e-mail address: hostmaster
>>>>>>>   SOA serial: 1436688202
>>>>>>>   SOA refresh: 3600
>>>>>>>   SOA retry: 900
>>>>>>>   SOA expire: 1209600
>>>>>>>   SOA minimum: 3000
>>>>>>>   BIND update policy: grant QRIOS.COM krb5-subdomain
>>>>>>> 0.14.10.in-addr.arpa. PTR;
>>>>>>>   Dynamic update: TRUE
>>>>>>>   Allow query: any;
>>>>>>>   Allow transfer: none;
>>>>>>>   Allow PTR sync: TRUE
>>>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> do you have --allow-sync-ptr=True configured in zones where the
>>>>>> particular
>>>>>> A/AAAA records are?
>>>>>>
>>>>>> SSSD is able to update records.
>>>>>> Please check if "dyndns_update" is set to true in sssd.conf. (man
>>>>>> sssd-ipa)
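
One way to script the mass update mentioned in the thread, added here as an example and not written by any poster or by the FreeIPA project: it maps A/AAAA records that already exist to `ipa dnsrecord-add ... --ptr-rec=` commands and only returns them for review, running nothing. The host names, addresses and the second reverse zone are constructed sample data, and how the forward records are collected is left as an assumption.

```python
import ipaddress
import shlex

# Constructed sample data (not from the thread, apart from the zone names
# 0.14.10.in-addr.arpa. and mydom.com.): reverse zones managed in IPA and
# forward records as (host, forward zone, address).
REVERSE_ZONES = ["0.14.10.in-addr.arpa.", "14.10.in-addr.arpa."]
FORWARD_RECORDS = [
    ("web01", "mydom.com.", "10.14.0.21"),
    ("db01", "mydom.com.", "10.14.3.7"),
    ("ext", "mydom.com.", "192.0.2.10"),  # no managed reverse zone covers this
]


def ptr_owner(ip):
    """Absolute reverse name (trailing dot) for an IPv4 or IPv6 address."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def split_reverse(ip, zones):
    """Return (zone, record name relative to it) for the longest matching
    reverse zone, or None when no managed zone covers the address."""
    owner = ptr_owner(ip)
    matches = [z for z in zones if owner.endswith("." + z)]
    if not matches:
        return None
    zone = max(matches, key=len)
    return zone, owner[: -len(zone) - 1]


def ptr_commands(records, zones):
    """Build one dnsrecord-add command per forward record.

    Returns (commands, skipped); skipped lists (host, ip) pairs that have
    no reverse zone, so they can be handled by hand.
    """
    cmds, skipped = [], []
    for host, fwd_zone, ip in records:
        hit = split_reverse(ip, zones)
        if hit is None:
            skipped.append((host, ip))
            continue
        zone, name = hit
        target = f"{host}.{fwd_zone}"  # PTR target must be an absolute name
        cmds.append(" ".join([
            "ipa", "dnsrecord-add", shlex.quote(zone), shlex.quote(name),
            "--ptr-rec=" + shlex.quote(target),
        ]))
    return cmds, skipped


if __name__ == "__main__":
    commands, missing = ptr_commands(FORWARD_RECORDS, REVERSE_ZONES)
    print("\n".join(commands))
    for host, ip in missing:
        print(f"# no reverse zone for {host} ({ip})")
```

Review the generated commands before running them on an IPA host with a valid admin ticket; a PTR record that already exists makes `ipa dnsrecord-add` report that there is nothing to modify.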