Some NSEC record operations do not work using the new DNS API.
Adding NSEC record using separate parameters doesn't work:
#ipa dnsrecord-add test.com test --nsec-next=example.com --nsec-types=TXT ipa: ERROR: invalid 'nsecrecord': Only one value is allowed
Specifying multiple NSEC types in --nsec-types doesn't work either:
# ipa dnsrecord-add test.com test --nsec-next=example.com --nsec-types=TXT,SRV ipa: ERROR: invalid 'nsec_types': must be one of (u'SOA', u'A', u'AAAA', u'A6', u'AFSDB', u'APL', u'CERT', u'CNAME', u'DHCID', u'DLV', u'DNAME', u'DNSKEY', u'DS', u'HIP', u'IPSECKEY', u'KEY', u'KX', u'LOC', u'MX', u'NAPTR', u'NS', u'NSEC', u'NSEC3', u'NSEC3PARAM', u'PTR', u'RRSIG', u'RP', u'SIG', u'SPF', u'SRV', u'SSHFP', u'TA', u'TKEY', u'TSIG', u'TXT')
Adding the NSEC record using its raw value works:
# ipa dnsrecord-add test.com test --nsec-rec="example.com TXT SRV" Record name: test NSEC record: example.com TXT SRV
master: cb4b2e6[[BR]] ipa-2-2: 43c3fbc
Metadata Update from @edewata: - Issue assigned to mkosek - Issue set to the milestone: FreeIPA 2.2 Core Effort - 2012/02
Login to comment on this ticket.