Re: [Freeipa-users] Removing DNS component
On 08/12/2016 17:05, Martin Basti wrote:

> I suggest to keep DNS tree there and all permissions, just remove all zones using IPA API and disable DNS service and dnssyncd service in LDAP, because removing DNS completely is unsupported and untested
>
> dn: cn=DNS,cn=vm-028.ipa.test,cn=masters,cn=ipa,cn=etc,$SUFFIX
> objectClass: ipaConfigObject
> objectClass: nsContainer
> objectClass: top
> ipaConfigString: startOrder 30
> ipaConfigString: enabledService <--- remove this
> cn: DNS
>
> dn: cn=DNSKeySync,cn=vm-028.ipa.test,cn=masters,cn=ipa,$SUFFIX
> objectClass: nsContainer
> objectClass: top
> ipaConfigString: dnssecVersion 1
> ipaConfigString: startOrder 110
> ipaConfigString: enabledService < remove this
> cn: DNSKeySync
>
> It will keep ipa dns* command working but without any effect

That did the job - nothing listening on port 53 now. Thank you!

Regards,

Brian.

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Removing DNS component
On 08.12.2016 12:01, Brian Candler wrote:

> FreeIPA (4.2.0) was installed with the DNS component enabled, but I want to pull this out.
>
> Is it possible to remove it and clean up the records which were already there? e.g. is it sufficient just to delete everything under cn=dns,dc=example,dc=com ?
>
> I notice there are bunch of permissions entries in other parts of the tree which reference these with ipaPermTarget, do they have to go too?
>
> Or would I have to re-install from scratch?
>
> Thanks,
>
> Brian.

Hello,

I suggest to keep DNS tree there and all permissions, just remove all zones using IPA API and disable DNS service and dnssyncd service in LDAP, because removing DNS completely is unsupported and untested

dn: cn=DNS,cn=vm-028.ipa.test,cn=masters,cn=ipa,cn=etc,$SUFFIX
objectClass: ipaConfigObject
objectClass: nsContainer
objectClass: top
ipaConfigString: startOrder 30
ipaConfigString: enabledService <--- remove this
cn: DNS

dn: cn=DNSKeySync,cn=vm-028.ipa.test,cn=masters,cn=ipa,$SUFFIX
objectClass: nsContainer
objectClass: top
ipaConfigString: dnssecVersion 1
ipaConfigString: startOrder 110
ipaConfigString: enabledService < remove this
cn: DNSKeySync

It will keep ipa dns* command working but without any effect

in case you *really* want to remove DNS completely, disable services ^, and revert everything added by
https://github.com/freeipa/freeipa/blob/master/install/share/dns.ldif
and
https://github.com/freeipa/freeipa/blob/master/install/share/dnssec.ldif

But unsupported, nobody knows what may happen.

Martin

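The LDAP change suggested in the reply above, as an added example that is not part of the original thread: a filter that reads an LDIF dump of the masters subtree and prints ldapmodify change records that delete `enabledService` only from DNS and DNSKeySync entries that still carry it. The function names, the `dc=ipa,dc=test` suffix, the `vm-029` and `KDC` entries and the `cn=etc` component in every sample DN are assumptions made for the constructed sample.

```shell
#!/bin/sh
# Added example (not from the thread). Input: LDIF on stdin, for instance from
#   ldapsearch -LLL -o ldif-wrap=no -b "cn=masters,cn=ipa,cn=etc,$SUFFIX"
# Output: change records to review and then pipe into ldapmodify.
# DNs are copied from the input, so nothing about the tree layout is hard-coded.

disable_dns_ldif() {
    awk '
        function emit() {
            # Only DNS/DNSKeySync entries that are still enabled get a record;
            # deleting a value that is already absent would make ldapmodify fail.
            if (dn != "" && wanted && enabled)
                printf "dn: %s\nchangetype: modify\ndelete: ipaConfigString\nipaConfigString: enabledService\n\n", dn
            dn = ""; wanted = 0; enabled = 0
        }
        /^dn: /                             { emit(); dn = substr($0, 5) }
        /^cn: (DNS|DNSKeySync)$/            { wanted = 1 }
        /^ipaConfigString: enabledService$/ { enabled = 1 }
        /^$/                                { emit() }
        END                                 { emit() }
    '
}

# Constructed sample: vm-028 has both services enabled, vm-029 already has DNS
# disabled, and KDC is an unrelated service that must be left alone.
sample_ldif() {
    cat <<'EOF'
dn: cn=DNS,cn=vm-028.ipa.test,cn=masters,cn=ipa,cn=etc,dc=ipa,dc=test
ipaConfigString: startOrder 30
ipaConfigString: enabledService
cn: DNS

dn: cn=DNSKeySync,cn=vm-028.ipa.test,cn=masters,cn=ipa,cn=etc,dc=ipa,dc=test
ipaConfigString: startOrder 110
ipaConfigString: enabledService
cn: DNSKeySync

dn: cn=DNS,cn=vm-029.ipa.test,cn=masters,cn=ipa,cn=etc,dc=ipa,dc=test
ipaConfigString: startOrder 30
cn: DNS

dn: cn=KDC,cn=vm-028.ipa.test,cn=masters,cn=ipa,cn=etc,dc=ipa,dc=test
ipaConfigString: enabledService
cn: KDC
EOF
}

sample_ldif | disable_dns_ldif
```
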
[Freeipa-users] Removing DNS component
FreeIPA (4.2.0) was installed with the DNS component enabled, but I want to pull this out.

Is it possible to remove it and clean up the records which were already there? e.g. is it sufficient just to delete everything under cn=dns,dc=example,dc=com ?

I notice there are bunch of permissions entries in other parts of the tree which reference these with ipaPermTarget, do they have to go too?

Or would I have to re-install from scratch?

Thanks,

Brian.