#1241 Investigate what we do across subnets?
Opened 12 years ago by rcritten. Modified 7 years ago

Assume an IPA server is installed on ipa.example.com with IP address 192.168.1.1. We will create a reverse zone for 1.168.192.

Now we install a client or replica on 192.168.2.1.

I'm going to guess that zone updates fail. What can we do to make this work better?


When a replica is being created, ipa-replica-prepare creates a new reverse zone if it is missing in DNS.

For a client that's another story - administrators would have to prepare reverse zones for all IP ranges that its clients can cover.

We currently do not update reverse records dynamically as we cannot trust clients to do that.

We should add a feature request to let bind-dyndb-ldap actually try to update the corresponding PTR records when A records are changed if we are also managing the reverse zone. This should be optional as admins may rightfully not trust clients in that case too.

Changing a PTR record may break other servers easily.
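The subnet scenario from the ticket description can be checked ahead of enrollment. The following is an added example, not code from the ticket or from FreeIPA: it derives the PTR owner name for each host address and reports hosts whose address falls outside every managed reverse zone. The function names and the host `client.example.com` are hypothetical, and the zone name is written in full `in-addr.arpa.` form.

```python
import ipaddress

def ptr_name(ip):
    """Return the fully qualified PTR owner name for an IPv4 or IPv6 address."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def covering_zone(ip, reverse_zones):
    """Return the most specific managed reverse zone containing ip's PTR name,
    or None when no managed zone covers it."""
    labels = ptr_name(ip).lower().rstrip(".").split(".")
    managed = {z.lower().rstrip(".") for z in reverse_zones}
    # Try parent names from most specific to least specific (longest match).
    for i in range(1, len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in managed:
            return candidate + "."
    return None

def uncovered_hosts(hosts, reverse_zones):
    """Map each host lacking a covering reverse zone to the PTR name it would need."""
    return {
        name: ptr_name(ip)
        for name, ip in hosts.items()
        if covering_zone(ip, reverse_zones) is None
    }

# Constructed sample data matching the ticket's scenario.
MANAGED_ZONES = ["1.168.192.in-addr.arpa."]
HOSTS = {
    "ipa.example.com": "192.168.1.1",     # server, inside the managed zone
    "client.example.com": "192.168.2.1",  # hypothetical client on another subnet
}

if __name__ == "__main__":
    for host, ptr in uncovered_hosts(HOSTS, MANAGED_ZONES).items():
        print(f"{host}: no managed reverse zone for {ptr}")
```
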

Metadata Update from @rcritten:
- Issue assigned to rcritten
- Issue set to the milestone: Future Releases

7 years ago
