Bug 950030
| Summary: | Integrate realmdomains-* commands with IPA DNS | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Dmitri Pal <dpal> |
| Component: | ipa | Assignee: | Rob Crittenden <rcritten> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | IDM QE LIST <seceng-idm-qe-list> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | medium | ||
| Version: | 7.0 | CC: | mkosek, nsoman, sgoveas |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | ipa-3.2.1-1.el7 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-06-13 10:38:36 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Dmitri Pal
2013-04-09 13:38:06 UTC
Fixed upstream: master: https://fedorahosted.org/freeipa/changeset/a730b6e7b5e4eca754022fd3e0112ef597888c3b Details of the enhancements are in the Design linked to the upstream ticket. In short: When new forward zone is added to IPA DNS, a normalized realmdomains record is added and a TXT record _kerberos.$DOMAIN with IPA realm as its content is added. When DNS zone is deleted, a realmdomains record is deleted. When new realmdomains record is added (with realmdomains-mod --add-domain=DOMAIN), a TXT record _kerberos.$DOMAIN with IPA realm as its content is added. When realmdomains record (with realmdomains-mod --del-domain=DOMAIN) is deleted, TXT record _kerberos.$DOMAIN with IPA realm as its content is deleted. * Added a forwarder for newdom.qe domain [root@dhcp207-43 ~]# ipa dnszone-add newdom.qe --name-server=dhcp207-218.newdom.qe --admin-email=hostmaster --force --forwarder=10.65.207.218 --forward-policy=only --ip-address=10.65.207.218 Zone name: newdom.qe Authoritative nameserver: dhcp207-218.newdom.qe Administrator e-mail address: hostmaster.newdom.qe. SOA serial: 1389193862 SOA refresh: 3600 SOA retry: 900 SOA expire: 1209600 SOA minimum: 3600 BIND update policy: grant TESTRELM.COM krb5-self * A; grant TESTRELM.COM krb5-self * AAAA; grant TESTRELM.COM krb5-self * SSHFP; Active zone: TRUE Dynamic update: FALSE Allow query: any; Allow transfer: none; Zone forwarders: 10.65.207.218 Forward policy: only * Domain is not added to the realmdomains list and no txt record is added as expected [root@dhcp207-43 ~]# ipa realmdomains-show Domain: testrelm.com [root@dhcp207-43 ~]# ipa dnsrecord-find newdom.qe Record name: @ NS record: dhcp207-218.newdom.qe. Record name: dhcp207-218 A record: 10.65.207.218 ---------------------------- Number of entries returned 2 ---------------------------- [root@dhcp207-43 ~]# ipa dnszone-add adlabs.com --name-server=win.adlabs.com --ip-address 10.65.207.6 --admin-email hostmaster.adlabs.com Zone name: adlabs.com Authoritative nameserver: win.adlabs.com Administrator e-mail address: hostmaster.adlabs.com. SOA serial: 1389194098 SOA refresh: 3600 SOA retry: 900 SOA expire: 1209600 SOA minimum: 3600 BIND update policy: grant TESTRELM.COM krb5-self * A; grant TESTRELM.COM krb5-self * AAAA; grant TESTRELM.COM krb5-self * SSHFP; Active zone: TRUE Dynamic update: FALSE Allow query: any; Allow transfer: none; [root@dhcp207-43 ~]# ipa realmdomains-show Domain: testrelm.com, adlabs.com [root@dhcp207-43 ~]# ipa dnsrecord-show adlabs.com Record name: _kerberos Record name: _kerberos TXT record: TESTRELM.COM [root@dhcp207-43 ~]# ipa realmdomains-mod --add-domain=newdom.qe Domain: testrelm.com, adlabs.com, newdom.qe [root@dhcp207-43 ~]# ipa dnsrecord-find newdom.qe Record name: @ NS record: dhcp207-218.newdom.qe Record name: _kerberos TXT record: TESTRELM.COM Record name: dhcp207-218.newdom.qe A record: 10.65.207.218 ---------------------------- Number of entries returned 3 ---------------------------- [root@dhcp207-43 ~]# ipa realmdomains-mod --del-domain=newdom.qe Domain: testrelm.com, adlabs.com [root@dhcp207-43 ~]# ipa dnsrecord-find newdom.qe Record name: @ NS record: dhcp207-218.newdom.qe Record name: dhcp207-218.newdom.qe A record: 10.65.207.218 ---------------------------- Number of entries returned 2 ---------------------------- [root@dhcp207-43 ~]# ipa dnszone-del adlabs.com ----------------------------- Deleted DNS zone "adlabs.com" ----------------------------- [root@dhcp207-43 ~]# ipa realmdomains-show Domain: testrelm.com Verified in version [root@dhcp207-43 ~]# rpm -q ipa-server ipa-server-3.3.3-8.el7.x86_64 This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request. |