IPA should not ask for the SOA serial number interactively. If a kinited user is required, it should fail first, not after prompting for useless data.
Fresh IPA install (no kinited user, no cache):
# ipa dnszone-add ipa.test.
SOA serial: 25
ipa: ERROR: Major (851968): Unspecified GSS failure. Minor code may provide more information, Minor (2529639066): Cannot find KDC for realm "DOM.TEST.COM"
This is bad UX and may confuse users.
Funny that it doesn't ask when the user is kinited.
Metadata Update from @mbasti:
- Issue assigned to someone
- Issue set to the milestone: FreeIPA 4.5 backlog