IPv4 address block 172.16.0.0/12 is a private, non-routable address range. Adding any address within that range should pass the overlap checks. However, attempting to add one causes a complaint about overlap and then a command failure.
Notice the error message. Command failure.
There should be no conflicts with ARIN addresses reported when creating reverse IP zones for any RFC1918 subnet.
$ rpm -q freeipa-server freeipa-client ipa-server ipa-client 389-ds-base pki-ca krb5-server
freeipa-server-4.7.2-1.1.fc29.x86_64
freeipa-client-4.7.2-1.1.fc29.x86_64
package ipa-server is not installed
package ipa-client is not installed
389-ds-base-1.4.0.22-1.fc29.x86_64
pki-ca-10.6.9-1.fc29.noarch
krb5-server-1.16.1-25.fc29.x86_64
Any additional information, configuration, data or log snippets that are needed for reproduction or investigation of the issue.
Log file locations: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/config-files-logs.html
Troubleshooting guide: https://www.freeipa.org/page/Troubleshooting
Either I'm not doing this right or something changed in the interim but I can't reproduce this with master from the command-line.
$ ipa dnszone-add 0.16.172.in-addr.arpa.
  Zone name: 0.16.172.in-addr.arpa.
  Active zone: TRUE
  Authoritative nameserver: ipa.example.test.
  Administrator e-mail address: hostmaster
  SOA serial: 1568924343
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  BIND update policy: grant EXAMPLE.TEST krb5-subdomain 0.16.172.in-addr.arpa. PTR;
  Dynamic update: FALSE
  Allow query: any;
  Allow transfer: none;
Did you specify 172.16.0.0/12 like in the following example?
# ipa dnszone-add --name-from-ip 172.16.0.0/12
Zone name [172.in-addr.arpa.]:
ipa: ERROR: DNS zone 172.in-addr.arpa. already exists in DNS and is handled by server(s): arin.authdns.ripe.net., z.arin.net., x.arin.net., y.arin.net., u.arin.net., r.arin.net.
Note that if you use /12 as the subnet mask, the command will try to define the reverse zone 172.in-addr.arpa.. If you use /16 instead, the command will work and define the reverse zone 16.172.in-addr.arpa.
# ipa dnszone-add --name-from-ip 172.16.0.0/16
Zone name [16.172.in-addr.arpa.]:
  Zone name: 16.172.in-addr.arpa.
  Active zone: TRUE
  Authoritative nameserver: master.ipa.test.
  Administrator e-mail address: hostmaster
  SOA serial: 1568994077
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  BIND update policy: grant IPA.TEST krb5-subdomain 16.172.in-addr.arpa. PTR;
  Dynamic update: FALSE
  Allow query: any;
  Allow transfer: none;
Please see the doc that explains:
To create the reverse zone by its IP network, set the network information to the (forward-style) IP address, with the subnet mask bit count. The bit count must be a multiple of eight for IPv4 addresses or a multiple of four for IPv6 addresses.
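The following is an added worked example, not FreeIPA's own code, that models the name derivation the documentation describes: the reverse zone name is built from whole octets (IPv4) or whole nibbles (IPv6), so a prefix length that is not a multiple of 8 or 4 cannot be represented exactly. It shows why 172.16.0.0/12 rounds down to 172.in-addr.arpa. (which covers all of 172.0.0.0/8, most of it public space delegated to the RIRs, hence the legitimate overlap error), and lists the sixteen /16 zones that together cover the RFC1918 block exactly. The function names and the round-down behaviour are assumptions for illustration, inferred from the prompt shown in the comments above.

```python
import ipaddress

# RFC1918 private blocks (constructed reference data for the check below).
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def reverse_zone_name(network: str, round_down: bool = False) -> str:
    """Derive the in-addr.arpa / ip6.arpa zone name for a network.

    Hypothetical helper: IPv4 zones are cut at octet (8-bit) boundaries and
    IPv6 zones at nibble (4-bit) boundaries. A prefix that is not a multiple
    of the boundary is rejected, or (round_down=True, which is what the
    interactive prompt in the ticket appears to do) truncated to the next
    shorter legal prefix, which widens the zone.
    """
    net = ipaddress.ip_network(network, strict=False)
    step = 8 if net.version == 4 else 4
    prefix = net.prefixlen
    if prefix % step:
        if not round_down:
            raise ValueError(f"{network}: prefix length must be a multiple of {step}")
        prefix -= prefix % step
    if net.version == 4:
        labels = str(net.network_address).split(".")[: prefix // 8]
        suffix = "in-addr.arpa."
    else:
        labels = list(net.network_address.exploded.replace(":", ""))[: prefix // 4]
        suffix = "ip6.arpa."
    return ".".join(reversed(labels)) + "." + suffix if labels else suffix


def zone_network(zone_name: str) -> ipaddress._BaseNetwork:
    """Inverse of reverse_zone_name: the address block a reverse zone covers."""
    name = zone_name.rstrip(".")
    if name.endswith("in-addr.arpa"):
        head = name[: -len("in-addr.arpa")].rstrip(".")
        labels = head.split(".") if head else []
        octets = list(reversed(labels)) + ["0"] * (4 - len(labels))
        return ipaddress.ip_network(".".join(octets) + f"/{8 * len(labels)}")
    if name.endswith("ip6.arpa"):
        head = name[: -len("ip6.arpa")].rstrip(".")
        nibbles = head.split(".") if head else []
        hexstr = "".join(reversed(nibbles)).ljust(32, "0")
        groups = ":".join(hexstr[i:i + 4] for i in range(0, 32, 4))
        return ipaddress.ip_network(f"{groups}/{4 * len(nibbles)}")
    raise ValueError(f"{zone_name}: not a reverse zone name")


def stays_private(network: str) -> bool:
    """True if the zone produced by rounding down still lies inside an RFC1918 block.

    For 172.16.0.0/12 the rounded-down zone 172.in-addr.arpa. covers 172.0.0.0/8,
    which is not private, so an overlap check against the public DNS is expected
    to fire; for 172.16.0.0/16 the zone stays inside 172.16.0.0/12.
    """
    covered = zone_network(reverse_zone_name(network, round_down=True))
    return any(covered.subnet_of(b) for b in RFC1918 if b.version == covered.version)


def covering_zones(network: str) -> list:
    """Zones at the nearest legal (rounded-up) prefix that together cover `network` exactly."""
    net = ipaddress.ip_network(network, strict=False)
    step = 8 if net.version == 4 else 4
    target = -(-net.prefixlen // step) * step  # round up to a legal boundary
    return [reverse_zone_name(str(sub)) for sub in net.subnets(new_prefix=target)]


if __name__ == "__main__":
    for candidate in ("172.16.0.0/12", "172.16.0.0/16", "10.0.0.0/8"):
        zone = reverse_zone_name(candidate, round_down=True)
        print(f"{candidate:16} -> {zone:24} covers {zone_network(zone)}  private={stays_private(candidate)}")
    print("zones needed for 172.16.0.0/12:", covering_zones("172.16.0.0/12"))
```

Running the block prints the rounded-down zone and its covered block for each candidate; the last line lists 16.172.in-addr.arpa. through 31.172.in-addr.arpa., which is the set an administrator would create to get reverse resolution for the whole /12 without claiming 172/8.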