This bug is created as a clone of upstream ticket: https://fedorahosted.org/bind-dyndb-ldap/ticket/79

A zone without the `idnsUpdatePolicy` attribute causes the following error message every `zone_refresh` seconds:

{{{
07-Jun-2012 17:15:56.140 zone zone.example/IN: zone serial (2012060301) unchanged. zone may fail to transfer to slaves.
}}}

LDIF with example zone is attached.

**Workaround**

Define the `idnsUpdatePolicy` attribute (e.g. `grant E.EXAMPLE krb5-self * A;`) and set `idnsAllowDynUpdate` to `FALSE`. Dynamic updates will remain disabled and the error message will not be logged.
Clearer workaround: For each zone (e.g. "example.com") which spams the log, execute:

$ ipa dnszone-mod example.com --dynamic-update=FALSE
$ ipa dnszone-mod example.com --update-policy='/**/'

This bug was fixed in upstream release 2.4.
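To find which zones need the workaround, the named log can be scanned for the message quoted in the report. The following is an added example, not part of the original bug report or of bind-dyndb-ldap; the sample log lines and the `min_repeats` threshold are constructed assumptions, and only the message format comes from the report.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines in the format quoted in the bug report.
SAMPLE_LOG = """\
07-Jun-2012 17:15:51.140 zone zone.example/IN: zone serial (2012060301) unchanged. zone may fail to transfer to slaves.
07-Jun-2012 17:15:56.140 zone zone.example/IN: zone serial (2012060301) unchanged. zone may fail to transfer to slaves.
07-Jun-2012 17:16:01.140 zone zone.example/IN: zone serial (2012060301) unchanged. zone may fail to transfer to slaves.
07-Jun-2012 17:16:02.000 zone other.example/IN: loaded serial 2012060302
07-Jun-2012 17:16:03.500 zone once.example/IN: zone serial (7) unchanged. zone may fail to transfer to slaves.
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"zone (?P<zone>\S+)/\w+: zone serial \((?P<serial>\d+)\) unchanged\. "
    r"zone may fail to transfer to slaves\.\s*$"
)


def find_noisy_zones(log_text, min_repeats=3):
    """Return {zone: (count, serial, median_gap_seconds)} for zones that logged
    the 'serial unchanged' message at least min_repeats times for one serial.
    If a zone qualifies with several serials, the last one seen is reported."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S.%f")
            hits[(m["zone"], m["serial"])].append(ts)
    report = {}
    for (zone, serial), stamps in hits.items():
        if len(stamps) < min_repeats:
            continue  # a single occurrence is not the periodic spam described here
        stamps.sort()
        gaps = sorted((b - a).total_seconds() for a, b in zip(stamps, stamps[1:]))
        # The median gap should be close to the configured zone_refresh value.
        median_gap = gaps[len(gaps) // 2] if gaps else None
        report[zone] = (len(stamps), serial, median_gap)
    return report


if __name__ == "__main__":
    for zone, (count, serial, gap) in find_noisy_zones(SAMPLE_LOG).items():
        print(f"{zone}: {count} repeats of serial {serial}, about {gap:.0f}s apart")
```

A median gap that matches the configured `zone_refresh` value distinguishes this periodic message from a one-off notice about an unchanged serial.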
Verified using bind-dyndb-ldap-2.3-5.el6.i686, ipa-server-3.0.0-37.el6.i686

1> Added a new zone:

# ipa dnszone-add
Authoritative nameserver: ipaqa64vmj.testrelm.com.
Zone name: example
Administrator e-mail address [hostmaster.example.]:
  Zone name: example
  Authoritative nameserver: <$serverhostname>.
  Administrator e-mail address: hostmaster.example.
  SOA serial: 1381865595
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  BIND update policy: grant TESTRELM.COM krb5-self * A; grant TESTRELM.COM krb5-self * AAAA; grant TESTRELM.COM krb5-self * SSHFP;
  Active zone: TRUE
  Dynamic update: FALSE
  Allow query: any;
  Allow transfer: none;

2> Made sure this zone does not have the `idnsUpdatePolicy` attribute

# ipa dnszone-mod example --update-policy=""
  Zone name: example
  Authoritative nameserver: <$serverhostname>.
  Administrator e-mail address: hostmaster.example.
  SOA serial: 1381865667
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  Active zone: TRUE
  Allow query: any;
  Allow transfer: none;

3> Updated /etc/named.conf to have:

arg "zone_refresh 5";
arg "psearch no";
arg "serial_autoincrement no";

Then:

# service named restart
# tail -f /var/log/messages

Nothing logged

4> Also tried with /etc/named as:

arg "zone_refresh 5";
arg "psearch yes";
arg "serial_autoincrement yes";

Then:

# service named restart
# ipa dnszone-mod --admin-email=nk@testrelm.com example

where example is the zone without idnsUpdatePolicy

# tail -f /var/log/messages

No error logged
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-1636.html