#7171 Allow PTR records outside in-addr.arpa and ip6.arpa
Closed: duplicate 5 years ago by ftweedal. Opened 7 years ago by tomkep.

When I add a PTR record as below:

ipa dnsrecord-add example.com xxx.yyy.zzz.www.in-addr --ptr-hostname=boholt.example.com.

I am getting an error:

ipa: ERROR: invalid 'ptrrecord': Reverse zone for PTR record should be a sub-zone of one the following fully qualified domains: ip6.arpa., in-addr.arpa.

I have one (literally) public IP address assigned to me by my provider and would like control over it. So my provider entered a CNAME for this reverse pointing back to my forward zone. I would like to have the ability to assign a hostname back there, but as seen above IPA tries to be smarter. Please return the powers back to me and at least add a force parameter if I choose to do whatever you may consider inappropriate, but is valid in my case. Now I need to delegate outside of IPA to just add one PTR record!


I can't tell exactly what you're trying to do but your syntax is wrong.

in-addr should be in-addr.arpa at a minimum but you can't set a PTR record as a value like this either. A typical value would be 0-254, not a zone name.

AFAICT it would look like this in text:

xxx.yyy.zzz.www.in-addr.arpa IN PTR bohold.example.com.

I'm no DNS expert but that looks invalid to me.

I want to achieve something more or less like what's described in RFC 2317 in chapter 5.2. So the reverse zone has:

SOA @yyy.xxx.www.in-addr.arpa

zzz IN CNAME zzz.yyy.xxx.www.in-addr.<my-domain>.

and in <my-domain> I want to have:

zzz.yyy.xxx.www.in-addr IN PTR <my-host>

This works. In BIND. I do not understand why IPA doesn't allow that. And there are a few more examples (OK, obsoleted) where PTR records were used for something other than reverse mapping.

PTR records are also used by dns-sd; see http://pig.made-it.com/dns-sd.html for an example: _services._dns-sd._udp

Note: you can add the record by editing LDAP and reloading named, and it works.

So basically the restriction of PTR records to be only allowed in ip6.arpa and in-addr.arpa zones is artificial and counterproductive.

I wonder if IPA imposes similar restrictions on other records. Like not allowing CNAME in a reverse zone, which is needed for my scenario.

Metadata Update from @ftweedal:
- Issue close_status updated to: duplicate
- Issue status updated to: Closed (was: Open)

5 years ago
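
An added illustration of the RFC 2317 style setup described in this ticket (not code from FreeIPA or from any commenter): a small in-memory lookup that follows the provider's CNAME out of in-addr.arpa to a PTR held in the forward zone. The address 192.0.2.10 and the names example.com. and host.example.com. are constructed placeholders, and `ptr_owner_allowed` only mirrors the rule as worded in the error message above.

```python
# Constructed sample zones; none of these values come from the ticket.
ZONES = {
    # Provider's reverse zone: a CNAME hands one address to the customer.
    "2.0.192.in-addr.arpa.": {
        ("10.2.0.192.in-addr.arpa.", "CNAME"): "10.2.0.192.in-addr.example.com.",
    },
    # Customer's forward zone: the PTR lives outside in-addr.arpa.
    "example.com.": {
        ("10.2.0.192.in-addr.example.com.", "PTR"): "host.example.com.",
    },
}
REVERSE_ROOTS = ("in-addr.arpa.", "ip6.arpa.")


def reverse_name(ipv4):
    """Build the in-addr.arpa owner name for a dotted-quad address."""
    return ".".join(reversed(ipv4.split("."))) + ".in-addr.arpa."


def find_zone(name):
    """Longest-suffix match of a name against the zones held above."""
    matches = [z for z in ZONES if name == z or name.endswith("." + z)]
    return max(matches, key=len) if matches else None


def resolve_ptr(ipv4, max_hops=8):
    """Return (ptr_target, names_visited), following CNAMEs across zones."""
    name = reverse_name(ipv4)
    chain = [name]
    for _ in range(max_hops):
        zone = find_zone(name)
        if zone is None:
            return None, chain
        records = ZONES[zone]
        if (name, "PTR") in records:
            return records[(name, "PTR")], chain
        target = records.get((name, "CNAME"))
        if target is None or target in chain:  # no data, or a CNAME loop
            return None, chain
        chain.append(target)
        name = target
    return None, chain


def ptr_owner_allowed(zone):
    """Assumed sketch of the rule in the error text: zone must sit under a reverse root."""
    return any(zone == r or zone.endswith("." + r) for r in REVERSE_ROOTS)
```

The lookup for 192.0.2.10 succeeds only because the PTR sits in example.com., which is exactly the zone the suffix rule rejects.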
