IdM enables semi-automatic upgrades of the IdM DNS records on an external DNS server
To simplify updating the Identity Management (IdM) DNS records on an external DNS server, IdM introduces the "ipa dns-update-system-records --dry-run --out [file]" command. The command generates a list of records in a format accepted by the *nsupdate* utility.
You can use the generated file to update the records on the external DNS server by using a standard dynamic DNS update mechanism secured with the Transaction Signature (TSIG) protocol or the GSS algorithm for TSIG (GSS-TSIG).
For details, see https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/dns-updates-external.html.
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/6585
This is a lightweight, more manual version of integration with external DNS systems. Automatic integration will be covered by bug 1206607 .
`ipa dns-update-system-records` command provides a way to get a list of DNS records about of IPA servers and their services - the records which are maintained by IPA installers and DNS location support.
Output of this command is human readable, but it cannot be used for updating external DNS system without preprocessing.
`ipa dns-update-system-records` command should be enhanced so that it will provide an option to change format of its output to such which can then be directly consumed by nsupdate command both as file and standard input. The directives should update external DNS system to match IPA cofiguration.
Goal is to enable integration with external DNS system with minimum changes. It should be tested with both TSIG and GSS-TSIG auth metods (doesn't have to be part of the command output).
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHBA-2017:2304