Assume an IPA server is installed on ipa.example.com with IP address 192.168.1.1. We will create a reverse zone for 1.168.192.
Now we install a client or replica on 192.168.2.1.
I'm going to guess that zone updates fail. What can we do to make this work better?
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=707229
When a replica is being created, ipa-replica-prepare creates a new reverse zone if it is missing in DNS.
For a client that's another story - administrators would have to prepare reverse zones for all IP ranges that its clients can cover.
We currently do not update reverse records dynamically as we cannot trust clients to do that.
We should add a feature request to let bind-dyndb-ldap actually try to update the corresponding PTR records when A records are changed if we are also managing the reverse zone. This should be optional as admins may rightfully not trust clients in that case too.
Changing a PTR record may break other servers easily.
Metadata Update from @rcritten: - Issue assigned to rcritten - Issue set to the milestone: Future Releases
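Added example, not part of the ticket or of FreeIPA's code: a pre-enrollment check that lists which host addresses fall outside the reverse zones already managed, using the addresses from the scenario above. The function names are hypothetical; zones are assumed to be IPv4 `in-addr.arpa` zones on octet boundaries, and the suggested zone is the host's /24.

```python
import ipaddress

SUFFIX = ".in-addr.arpa"

def zone_to_network(zone):
    """Map an IPv4 reverse zone name to the network it covers."""
    name = zone.rstrip(".").lower()
    if not name.endswith(SUFFIX):
        raise ValueError(f"not an IPv4 reverse zone: {zone}")
    # Labels are stored least-significant first, so reverse them.
    octets = name[: -len(SUFFIX)].split(".")[::-1]
    if not 1 <= len(octets) <= 3:
        raise ValueError(f"unsupported reverse zone: {zone}")
    prefix = 8 * len(octets)
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(octets) + f"/{prefix}")

def missing_reverse_zones(managed_zones, host_ips):
    """Return {ip: suggested /24 zone} for hosts no managed zone covers."""
    networks = [zone_to_network(z) for z in managed_zones]
    missing = {}
    for ip in host_ips:
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in networks):
            continue
        # reverse_pointer is e.g. "1.2.168.192.in-addr.arpa"; drop the host label.
        missing[ip] = addr.reverse_pointer.split(".", 1)[1] + "."
    return missing

if __name__ == "__main__":
    # Constructed input matching the ticket: one managed zone, two hosts.
    zones = ["1.168.192.in-addr.arpa."]
    hosts = ["192.168.1.1", "192.168.2.1"]
    for ip, zone in missing_reverse_zones(zones, hosts).items():
        print(f"{ip}: no managed reverse zone, PTR would live in {zone}")
```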