Bug 1422785

Summary: [Doc] [RFE] Semi-automatic integration with external DNS using nsupdate
Product: Red Hat Enterprise Linux 7 Reporter: Aneta Šteflová Petrová <apetrova>
Component: doc-Linux_Domain_Identity_Management_GuideAssignee: Aneta Šteflová Petrová <apetrova>
Status: CLOSED CURRENTRELEASE QA Contact: ipa-qe <ipa-qe>
Severity: unspecified Docs Contact:
Priority: high    
Version: 7.3CC: ipa-maint, ipa-qe, ksiddiqu, mbasti, mkosek, ppicka, pvoborni, rcritten, rhel-docs
Target Milestone: rcKeywords: Documentation, FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: 1409628 Environment:
Last Closed: 2017-08-02 12:08:54 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1409628    
Bug Blocks: 1411762, 1425467    

Description Aneta Šteflová Petrová 2017-02-16 09:09:36 UTC 
+++ This bug was initially created as a clone of Bug #1409628 +++

This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/6585

This is a lightweight, more manual version of integration with external DNS systems. Automatic integration will be covered by bug 1206607 .

`ipa dns-update-system-records` command provides a way to get a list of DNS records about of IPA servers and their services - the records which are maintained by IPA installers and DNS location support.

Output of this command is human readable, but it cannot be used for updating external DNS system without preprocessing. 

`ipa dns-update-system-records` command should be enhanced so that it will provide an option to change format of its output to such which can then be directly consumed by nsupdate command both as file and standard input. The directives should update external DNS system to match IPA cofiguration.

Goal is to enable integration with external DNS system with minimum changes. It should be tested with both TSIG and GSS-TSIG auth metods (doesn't have to be part of the command output).

--- Additional comment from Martin Bašti on 2017-02-15 06:22:45 EST ---

Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/7eb2ef61905a5c6ddf04237f0aa84e7585e1186d
https://fedorahosted.org/freeipa/changeset/5bd82174233095a3cccfbbf8524622440c31b10c
Comment 2 Aneta Šteflová Petrová 2017-02-21 12:16:11 UTC 
The doc update is now being reviewed.
Comment 8 Aneta Šteflová Petrová 2017-08-02 12:08:54 UTC 
This update is now available on the Customer Portal: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/dns-updates-external.html
Comment 9 Kaleem 2019-11-04 05:24:00 UTC 
clearing the needinfo