#2307 Problem adding NSEC record
Closed: Fixed None Opened 12 years ago by edewata.

Some NSEC record operations do not work using the new DNS API.

Adding NSEC record using separate parameters doesn't work:

#ipa dnsrecord-add test.com test --nsec-next=example.com --nsec-types=TXT
ipa: ERROR: invalid 'nsecrecord': Only one value is allowed

Specifying multiple NSEC types in --nsec-types doesn't work either:

# ipa dnsrecord-add test.com test --nsec-next=example.com --nsec-types=TXT,SRV
ipa: ERROR: invalid 'nsec_types': must be one of (u'SOA', u'A', u'AAAA', u'A6', u'AFSDB', u'APL', u'CERT', u'CNAME', u'DHCID', u'DLV', u'DNAME', u'DNSKEY', u'DS', u'HIP', u'IPSECKEY', u'KEY', u'KX', u'LOC', u'MX', u'NAPTR', u'NS', u'NSEC', u'NSEC3', u'NSEC3PARAM', u'PTR', u'RRSIG', u'RP', u'SIG', u'SPF', u'SRV', u'SSHFP', u'TA', u'TKEY', u'TSIG', u'TXT')

Adding the NSEC record using its raw value works:

# ipa dnsrecord-add test.com test --nsec-rec="example.com TXT SRV"
  Record name: test
  NSEC record: example.com TXT SRV

Metadata Update from @edewata:
- Issue assigned to mkosek
- Issue set to the milestone: FreeIPA 2.2 Core Effort - 2012/02

7 years ago

Login to comment on this ticket.

Metadata