Thank you again. The configuration does conform.

On Tue, Jul 14, 2015 at 1:47 PM, Petr Spacek <pspa...@redhat.com> wrote:
> On 14.7.2015 14:44, Sina Owolabi wrote:
>> Thanks Petr.
>>
>> Can I assume that any fresh clients added to the IDM domain, is going
>> to have both its forward and reverse records populated?
>
> Yes, as long as your configuration conforms with
> https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/SyncPTR
>
> Please let us know if you encounter any problems.
>
> Petr^2 Spacek
>
>> On Tue, Jul 14, 2015 at 1:10 PM, Petr Spacek <pspa...@redhat.com> wrote:
>>> On 14.7.2015 10:28, Sina Owolabi wrote:
>>>> Thanks Martin
>>>>
>>>>
>>>> The expanded command shows all the output. Curiously, I still don't
>>>> see any reverse addresses yet except on the reverse domain for this
>>>> primary zone. I've restarted the IPA servers in hopes of a Windows-y
>>>> solution but it didn't help :-)
>>>
>>> SyncPTR does something only when the data change. I.e. it will do nothing if
>>> your A/AAAA records are up to date (even if clients send update).
>>>
>>> I'm afraid that there is no pre-made tool to do the mass update, sorry. You
>>> probably need to script something yourself.
>>>
>>> Petr^2 Spacek
>>>
>>>> output:
>>>> ipa dnszone-show mydom.com --all
>>>> dn: idnsname=mydom.com.,cn=dns,dc=mydom,dc=com
>>>> Zone name: mydom.com.
>>>> Active zone: TRUE
>>>> Authoritative nameserver: dc.mydom.com.
>>>> Administrator e-mail address: hostmaster.mydom.com.
>>>> SOA serial: 1436861122
>>>> SOA refresh: 3600
>>>> SOA retry: 900
>>>> SOA expire: 1209600
>>>> SOA minimum: 3600
>>>> BIND update policy: grant mydom.COM krb5-self * A; grant mydom.COM
>>>> krb5-self * AAAA; grant mydom.COM krb5-self * SSHFP;
>>>> Dynamic update: TRUE
>>>> Allow query: any;
>>>> Allow transfer: none;
>>>> Allow PTR sync: TRUE
>>>> arecord: pu.bl.ic.add
>>>> mxrecord: 0 mail.mydom.com.
>>>> nsrecord: dc02.mydom.com., dc01.mydom.com., dc.mydom.com.
>>>> objectclass: idnszone, top, idnsrecord
>>>>
>>>> On Tue, Jul 14, 2015 at 8:46 AM, Martin Basti <mba...@redhat.com> wrote:
>>>>> On 13/07/15 19:58, Sina Owolabi wrote:
>>>>>>
>>>>>> Hi Martin
>>>>>>
>>>>>> Yes all my sssd configs are set ipa_dyndns_update = True
>>>>>> I didn't have --allow-sync-ptr=TRUE in all the forward zones so I set
>>>>>> them.
>>>>>> I've tried to set it in the very first zone (setup during
>>>>>> installation) but dnszone-mod complains:
>>>>>>
>>>>>> # ipa dnszone-mod mydom.com --allow-sync-ptr=TRUE --dynamic-update=TRUE
>>>>>> ipa: ERROR: no modifications to be performed
>>>>>>
>>>>>> But I don't see it in the show command:
>>>>>>
>>>>>> ipa dnszone-show mydom.com
>>>>>> Zone name: mydom.com.
>>>>>> Active zone: TRUE
>>>>>> Authoritative nameserver: services.mydom.com.
>>>>>> Administrator e-mail address: hostmaster.mydom.com.
>>>>>> SOA serial: 1436799166
>>>>>> SOA refresh: 3600
>>>>>> SOA retry: 900
>>>>>> SOA expire: 1209600
>>>>>> SOA minimum: 3600
>>>>>> Allow query: any;
>>>>>> Allow transfer: none;
>>>>>
>>>>> You must use option --all
>>>>>
>>>>> ipa dnszone-show mydom.com --all
>>>>>
>>>>>
>>>>> Martin
>>>>>
>>>>>>
>>>>>> On Mon, Jul 13, 2015 at 11:20 AM, Martin Basti <mba...@redhat.com> wrote:
>>>>>>>
>>>>>>> On 12/07/15 10:05, Sina Owolabi wrote:
>>>>>>>>
>>>>>>>> Hi
>>>>>>>>
>>>>>>>> I have several dns zones defined in IPA. I noticed recently that the
>>>>>>>> zone files are empty. I find this odd because I created them like the
>>>>>>>> example below.
>>>>>>>> Is it possible to force clients to auto-update reverse zones?
>>>>>>>>
>>>>>>>> Thanks in advance!
>>>>>>>>
>>>>>>>> How I created all the zones:
>>>>>>>>
>>>>>>>> ipa dnszone-add 0.14.10.in-addr.arpa. --minimum=3000
>>>>>>>> --allow-sync-ptr=TRUE --dynamic-update
>>>>>>>> Zone name: 0.14.10.in-addr.arpa.
>>>>>>>> Active zone: TRUE
>>>>>>>> Authoritative nameserver: services.ourdomain.com.
>>>>>>>> Administrator e-mail address: hostmaster
>>>>>>>> SOA serial: 1436688202
>>>>>>>> SOA refresh: 3600
>>>>>>>> SOA retry: 900
>>>>>>>> SOA expire: 1209600
>>>>>>>> SOA minimum: 3000
>>>>>>>> BIND update policy: grant QRIOS.COM krb5-subdomain
>>>>>>>> 0.14.10.in-addr.arpa. PTR;
>>>>>>>> Dynamic update: TRUE
>>>>>>>> Allow query: any;
>>>>>>>> Allow transfer: none;
>>>>>>>> Allow PTR sync: TRUE
>>>>>>>>
>>>>>>> Hello,
>>>>>>>
>>>>>>> do you have --allow-sync-ptr=True configured in zones where the
>>>>>>> particular
>>>>>>> A/AAAA records are?
>>>>>>>
>>>>>>> SSSD is able to update records.
>>>>>>> Please check if "dyndns_update" is set to true in sssd.conf. (man
>>>>>>> sssd-ipa)
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
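The thread notes that SyncPTR only acts when A/AAAA data changes and that no pre-made tool exists for the mass update. As an added example (not from the thread or the FreeIPA project), this Python script maps existing forward records to the most specific reverse zone and builds `ipa dnsrecord-add ... --ptr-rec=` commands for review before anything is run. The host names and addresses are constructed samples, and supplying the A records as (FQDN, IP) pairs is an assumption.

```python
import ipaddress
import shlex


def ptr_owner(ip, reverse_zones):
    """Return (zone, relative record name) in the most specific reverse
    zone that contains ip, or None if no configured zone covers it."""
    rev = ipaddress.ip_address(ip).reverse_pointer + "."
    best = None
    for zone in reverse_zones:
        z = zone.lower().rstrip(".") + "."
        # Match on a label boundary so "4.10.in-addr.arpa." never
        # captures an address that lives under "14.10.in-addr.arpa.".
        if rev.endswith("." + z) and (best is None or len(z) > len(best)):
            best = z
    if best is None:
        return None
    return best, rev[: -len(best) - 1]


def ptr_commands(a_records, reverse_zones):
    """Build one dnsrecord-add command per address; return (commands, skipped)."""
    commands, skipped, seen = [], [], set()
    for fqdn, ip in a_records:
        owner = ptr_owner(ip, reverse_zones)
        if owner is None or owner in seen:
            # No managed reverse zone, or the address already has a PTR queued.
            skipped.append((fqdn, ip))
            continue
        seen.add(owner)
        zone, name = owner
        target = fqdn.rstrip(".") + "."
        # Quote every argument: host names come from directory data and
        # must not be able to alter the shell command line.
        commands.append("ipa dnsrecord-add %s %s --ptr-rec=%s" % (
            shlex.quote(zone), shlex.quote(name), shlex.quote(target)))
    return commands, skipped


if __name__ == "__main__":
    # Constructed sample data: the reverse zone from the thread plus a wider one.
    zones = ["0.14.10.in-addr.arpa.", "10.in-addr.arpa."]
    records = [("web01.mydom.com", "10.14.0.25"),
               ("db01.mydom.com.", "10.20.1.5"),
               ("ext.mydom.com", "192.168.1.1")]
    cmds, skipped = ptr_commands(records, zones)
    print("\n".join(cmds))
    for fqdn, ip in skipped:
        print("# skipped %s (%s)" % (fqdn, ip))
```

Run the printed commands from a session with a valid admin Kerberos ticket only after reviewing them; skipped entries either have no matching reverse zone or share an address with an earlier record.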