Red Hat Bugzilla – Bug 798355
Fill DNS update policy by default
Last modified: 2015-05-20 11:46:46 EDT
This bug is created as a clone of upstream ticket:
For security reasons, dynamic updates are not enabled for new DNS zones. In order to enable the dynamic zone securely, one also needs to create an update policy:
ipa dnszone-mod example.com --dynamic-update=TRUE \
--update-policy="grant EXAMPLE.COM krb5-self * A; grant EXAMPLE.COM krb5-self * AAAA; grant EXAMPLE.COM krb5-self * SSHFP;"
It can be difficult for regular users to create this policy; we should rather fill the policy by default and let the user just switch dynamic updates on or off:
ipa dnszone-mod example.com --dynamic-update=TRUE
ipa dnszone-mod example.com --dynamic-update=FALSE
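
An added example (not part of this bug report and not FreeIPA code): a Python check that parses an update-policy string of the form used above and reports grant rules wider than the three krb5-self rules quoted in the description. The function names, the baseline sets and the second sample rule are assumptions made for illustration.

```python
# Added example, not FreeIPA code. The baseline mirrors the policy quoted above.
BASELINE_RULETYPE = "krb5-self"
BASELINE_TYPES = {"A", "AAAA", "SSHFP"}


def parse_update_policy(policy):
    """Split 'grant|deny identity ruletype name [types];' statements into dicts."""
    rules = []
    for raw in policy.split(";"):
        fields = raw.split()
        if not fields:
            continue  # nothing after the trailing ';'
        if len(fields) < 4 or fields[0] not in ("grant", "deny"):
            raise ValueError("malformed update-policy rule: %r" % raw.strip())
        rules.append({
            "action": fields[0],
            "identity": fields[1],
            "ruletype": fields[2],
            "name": fields[3],
            "types": [t.upper() for t in fields[4:]],
        })
    return rules


def audit_update_policy(policy, realm):
    """Return one finding per way a grant rule is wider than the baseline."""
    findings = []
    for n, rule in enumerate(parse_update_policy(policy), start=1):
        if rule["action"] != "grant":
            continue  # deny rules are not checked here
        if rule["identity"] != realm:
            findings.append("rule %d: identity %s is not realm %s" % (n, rule["identity"], realm))
        if rule["ruletype"] != BASELINE_RULETYPE:
            findings.append("rule %d: rule type %s is not %s" % (n, rule["ruletype"], BASELINE_RULETYPE))
        if not rule["types"]:
            findings.append("rule %d: no record types listed" % n)
        for rtype in rule["types"]:
            if rtype not in BASELINE_TYPES:
                findings.append("rule %d: record type %s is outside %s" % (n, rtype, sorted(BASELINE_TYPES)))
    return findings


if __name__ == "__main__":
    # Constructed sample: rule 1 is from the bug report, rule 2 is made up.
    sample = "grant EXAMPLE.COM krb5-self * A; grant OTHER.TEST wildcard * ANY;"
    for line in audit_update_policy(sample, "EXAMPLE.COM"):
        print(line)
```
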
Forward and reverse zone update policy is now automatically generated when the zone is being created.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.