#5566 Permit creation of PTR records in non-.arpa master zones via the DNS UI
Closed: fixed 3 years ago by frenaud. Opened 8 years ago by mossholderm.

DNS-SD uses PTR records in forward zones. For example, to enable service discovery in a zone example.com one must create the following records:

b._dns-sd._udp IN PTR @
lb._dns-sd._udp IN PTR @

Additionally, PTR records are used by DNS-SD to point services to discoverable names, like this:

_http._tcp IN PTR Some\ Web\ Page._http._tcp
Some\ Web\ Page._http._tcp  SRV 0 0 80 neinfo.example.com.
                            TXT path=/

BIND supports this capability, so I am assuming it is just something that needs to be instrumented in the UI.

http://www.dns-sd.org/serverstaticsetup.html


Sorry for the bad formatting...

b._dns-sd._udp  IN PTR @
lb._dns-sd._udp IN PTR @

_http._tcp      IN PTR Some\ Web\ Page._http._tcp
Some\ Web\ Page._http._tcp SRV 0 0 80 neinfo.example.com.
                           TXT path=/

I agree. Currently an attempt to add a PTR record to a non-arpa zone fails with the following error:

invalid 'ptrrecord': Reverse zone for PTR record should be a sub-zone of one the following fully qualified domains: ip6.arpa., in-addr.arpa.

This should be just a warning like:

PTR records typically exist in sub-domains of one of the following fully qualified domains: ip6.arpa., in-addr.arpa.

Even better, we might show the warning only if the node name does not contain an underscore, to avoid false positives caused by DNS-SD.
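
The behaviours discussed in the comment above (the current rejection, the proposed warning, and the underscore exception for DNS-SD), sketched as an added example that is not part of the ticket or of FreeIPA's code. The function and policy names are hypothetical; zone names are compared label by label and backslash escapes such as those in `Some\ Web\ Page._http._tcp` are honoured.

```python
# Added illustration: hypothetical helpers, not FreeIPA's code or API.
REVERSE_ROOTS = (("in-addr", "arpa"), ("ip6", "arpa"))


def split_labels(name):
    """Split a presentation-format name on unescaped dots (RFC 1035 \\X, \\DDD)."""
    labels, cur, i = [], "", 0
    while i < len(name):
        ch = name[i]
        if ch == "\\":
            ddd = name[i + 1:i + 4]
            if len(ddd) == 3 and ddd.isascii() and ddd.isdigit():
                if int(ddd) > 255:
                    raise ValueError("escape out of range in %r" % name)
                cur, i = cur + chr(int(ddd)), i + 4
            elif i + 1 < len(name):
                cur, i = cur + name[i + 1], i + 2
            else:
                raise ValueError("dangling backslash in %r" % name)
        elif ch == ".":
            if not cur:
                raise ValueError("empty label in %r" % name)
            labels.append(cur)
            cur, i = "", i + 1
        else:
            cur, i = cur + ch, i + 1
    return labels + [cur] if cur else labels


def in_reverse_tree(zone):
    """Label-wise test, so 'notin-addr.arpa.' is not mistaken for a reverse zone."""
    labels = tuple(label.lower() for label in split_labels(zone))
    return labels[-2:] in REVERSE_ROOTS


def ptr_check(zone, name, policy):
    """Return "error", "warning" or None for a PTR record `name` in `zone`.
    "strict" models the rejection quoted in the ticket, "warn" the proposed
    downgrade, "warn-no-underscore" the DNS-SD-aware refinement.
    """
    if policy not in ("strict", "warn", "warn-no-underscore"):
        raise ValueError("unknown policy %r" % policy)
    if in_reverse_tree(zone):
        return None
    if policy == "strict":
        return "error"
    if policy == "warn-no-underscore" and "_" in "".join(split_labels(name)):
        return None
    return "warning"
```
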

Metadata Update from @mossholderm:
- Issue assigned to mbasti
- Issue set to the milestone: FreeIPA 4.5 backlog

7 years ago

Metadata Update from @mbasti:
- Issue assigned to tkrizek (was: mbasti)
- Issue close_status updated to: None

7 years ago

We need this functionality for managed printing (over DNS-SD) on MacOS clients in our network.

Or is there any workaround for adding non-standard PTR records in a managed FreeIPA DNS server?

similar issue: https://pagure.io/freeipa/issue/7171

For reference, the DNS-SD RFC: https://tools.ietf.org/html/rfc6763.

IMO we should just remove the error and not even bother with a warning.
There are possible uses for PTR that we might not even know about. And
if you're creating PTR records, you (hopefully) know what you're doing...

I'll close #7171 as duplicate.

You can add records by manually editing items in LDAP.

It may be true that there are lots of users for all kinds of records but being a general-purpose DNS server was never the goal.

@rcritten it seems like a legitimate use case to me. We don't even have to add functionality, just get out of the way.

Metadata Update from @tkrizek:
- Assignee reset

5 years ago

I want to boost this. Looking at DNS-SD for ACME service discovery. I might just go ahead and produce the PR.

Metadata Update from @ftweedal:
- Issue set to the milestone: None (was: FreeIPA 4.5 backlog)

3 years ago

Metadata Update from @ftweedal:
- Issue assigned to ftweedal

3 years ago

master:

  • b153b23 dns: allow PTR records in arbitrary zones

ipa-4-8:

  • 82a581d dns: allow PTR records in arbitrary zones

Metadata Update from @frenaud:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

3 years ago
