#7693 request to remove dns validation regarding RFC 1034, section 3.6.2
Opened 5 years ago by abbra. Modified 5 years ago

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1613444

Description of problem:

If we follow the upstream documentation to install IdM in a classless private subnet:

https://www.freeipa.org/page/Howto/DNS_classless_IN-ADDR.ARPA_delegation

a replica install fails with:

Configuring DNS (named)
  [1/9]: generating rndc key file
  [2/9]: setting up reverse zone
  [3/9]: setting up our own record
  [error] ValidationError: invalid 'cnamerecord': CNAME record is not allowed
to coexist with any other record (RFC 1034, section 3.6.2)
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR
invalid 'cnamerecord': CNAME record is not allowed to coexist with any other
record (RFC 1034, section 3.6.2)




Version-Release number of selected component (if applicable): rhel-7.5 version

A comment from IPA team side:

The error basically says that the PTR record which is being added already exists as a CNAME record, which is not allowed. This is true.
It seems to me that the ipa replica installer doesn't account for this use case, as it is trying to add the PTR record to an incorrect zone (35.136.10.in-addr.arpa.). It probably just sees the reverse zone and tries to add a PTR record there, not accounting for the fact that there could already be a CNAME record. This would need to be verified.
I don't know if using this also for IPA server is a good or desired thing. But a workaround could be to not create the CNAMEs for replica before installation. Install replica and add it later.

We might improve replica installer to detect CNAME and try to not add the PTR record.
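
An added sketch of the check suggested in the comment above (not FreeIPA code and not part of the original ticket): before adding a PTR, look for a CNAME at the reverse name and, going one step further than the comment, follow it to the classless zone where the PTR can live. Only the parent zone name comes from the ticket; the classless zone name, the records and the function names are assumptions.

```python
import ipaddress

# Constructed sample data. Only the parent zone name comes from the ticket;
# the classless zone name and every record below are assumptions.
ZONES = {
    "35.136.10.in-addr.arpa.": {
        "1.35.136.10.in-addr.arpa.": [("CNAME", "1.0/26.35.136.10.in-addr.arpa.")],
        "200.35.136.10.in-addr.arpa.": [("PTR", "host200.example.test.")],
    },
    "0/26.35.136.10.in-addr.arpa.": {},
}

def find_zone(name, zones):
    """Return the most specific managed zone containing name, or None."""
    matches = [z for z in zones if name == z or name.endswith("." + z)]
    return max(matches, key=len) if matches else None

def plan_ptr(ip, zones, max_hops=8):
    """Return (zone, owner, skipped): where a PTR for ip can be added without
    coexisting with a CNAME, plus the CNAME owners where it must not be added."""
    owner = ipaddress.ip_address(ip).reverse_pointer + "."
    skipped = []
    for _ in range(max_hops):
        zone = find_zone(owner, zones)
        if zone is None:
            raise LookupError(f"no managed zone for {owner}")
        targets = [t for rtype, t in zones[zone].get(owner, []) if rtype == "CNAME"]
        if not targets:
            return zone, owner, skipped
        skipped.append(owner)   # RFC 1034 3.6.2: nothing else may live here
        owner = targets[0]      # follow the delegation alias
    raise RuntimeError(f"CNAME chain for {ip} exceeds {max_hops} hops")

if __name__ == "__main__":
    for ip in ("10.136.35.1", "10.136.35.200"):
        print(ip, plan_ptr(ip, ZONES))
```

A caller that gets `LookupError` (the CNAME target is in a zone it does not manage) should leave the reverse record alone instead of writing into the parent zone.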


Metadata Update from @abbra:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1613444

5 years ago
