Hi Rob,

After deleting those hidden records inside the zones, I deleted those zones smoothly. Remember 1.1.10.in-addr.arpa.zone which was marked with glue=true? There was one hidden ptr record inside the zone. After that record was deleted, 1.1.10.in-addr.arpa.zone disappeared by itself :-).

Thank you so much for your help! Have a great weekend!

Kathy.

On Fri, Aug 27, 2021 at 1:43 PM Rob Crittenden <[email protected]> wrote:

> Kathy Zhu wrote:
> > Hi Rob,
> >
> > Thank you! That filter did the trick. There are 9 pTRRecord in the zone!
> > See attached for details. What is the safe way to delete those "hidden"
> > records? I assume that the zone can be deleted after those pTRRecord
> > being deleted first. Many thanks.
>
> Use ldapdelete to remove the conflicts using the DN, e.g:
>
> $ ldapdelete -Y GSSAPI idnsName=200+nsuniqueid=0aa41606-f47811ea-9c15fb86-bfdbf4a5,idnsname=15.0.10.in-addr.arpa.,cn=dns,dc=example,dc=com
>
> rob
>
> >
> > Kathy.
> >
> > [root@ipa0 ~]$ ldapsearch -Y GSSAPI -b idnsname=15.0.10.in-addr.arpa.,cn=dns,dc=example,dc=com
> > SASL/GSSAPI authentication started
> > SASL username: [email protected]
> > SASL SSF: 256
> > SASL data security layer installed.
> > # extended LDIF
> > #
> > # LDAPv3
> > # base <idnsname=15.0.10.in-addr.arpa.,cn=dns,dc=example,dc=com> with scope subtree
> > # filter: (objectclass=*)
> > # requesting: ALL
> > #
> >
> > # 15.0.10.in-addr.arpa., dns, example.com
> > dn: idnsname=15.0.10.in-addr.arpa.,cn=dns,dc=example,dc=com
> > idnsSOAserial: 1630088951
> > idnsZoneActive: FALSE
> > idnsSOAminimum: 3600
> > idnsSOAexpire: 1209600
> > idnsSOAretry: 900
> > idnsSOArefresh: 3600
> > idnsAllowQuery: any;
> > idnsSOArName: hostmaster
> > idnsAllowDynUpdate: TRUE
> > idnsSOAmName: ipa0.example.com.
> > idnsName: 15.0.10.in-addr.arpa.
> > idnsUpdatePolicy: grant EXAMPLE.COM krb5-subdomain 15.0.10.in-addr.arpa. PTR; grant dhcp-key wildcard * ANY;
> > idnsAllowTransfer: none;
> > objectClass: top
> > objectClass: idnsrecord
> > objectClass: idnszone
> > nSRecord: ipa0.example.com.
> > nSRecord: ipa2.example.com.
> > nSRecord: ipa3.example.com.
> > nSRecord: hou1-ipa1.example.com.
> > nSRecord: sfo1-ipa1.example.com.
> > nSRecord: hou2-ipa1.example.com.
> > nSRecord: hq-ipa1.example.com.
> > nSRecord: gcc2-ipa1.example.com.
> >
> > # search result
> > search: 4
> > result: 0 Success
> >
> > # numResponses: 2
> > # numEntries: 1
> >
> > [root@ipa0 ~]$ ldapsearch -Y GSSAPI -b idnsname=15.0.10.in-addr.arpa.,cn=dns,dc=example,dc=com '(objectclass=ldapsubentry)'
> > SASL/GSSAPI authentication started
> > SASL username: [email protected]
> > SASL SSF: 256
> > SASL data security layer installed.
> > # extended LDIF
> > #
> > # LDAPv3
> > # base <idnsname=15.0.10.in-addr.arpa.,cn=dns,dc=example,dc=com> with scope subtree
> > # filter: (objectclass=ldapsubentry)
> > # requesting: ALL
> > #
> >
> > # 200 + 0aa41606-f47811ea-9c15fb86-bfdbf4a5, 15.0.10.in-addr.arpa., dns, example.com
> > dn: idnsName=200+nsuniqueid=0aa41606-f47811ea-9c15fb86-bfdbf4a5,idnsname=15.0.10.in-addr.arpa.,cn=dns,dc=example,dc=com
> > pTRRecord: user9-laptop.example.com.
> > dNSTTL: 300
> > objectClass: idnsRecord
> > objectClass: top
> > objectClass: ldapsubentry
> > idnsName: 200
> >
> > # 155 + f3e40606-f6a711ea-9c15fb86-bfdbf4a5, 15.0.10.in-addr.arpa., dns, example.com
> > dn: idnsName=155+nsuniqueid=f3e40606-f6a711ea-9c15fb86-bfdbf4a5,idnsname=15.0.10.in-addr.arpa.,cn=dns,dc=example,dc=com
> > pTRRecord: user7-laptop.example.com.
> > dNSTTL: 300
> > objectClass: idnsRecord
> > objectClass: top
> > objectClass: ldapsubentry
> > idnsName: 155
> >
> > # 183 + c0f24006-f6b011ea-9c15fb86-bfdbf4a5, 15.0.10.in-addr.arpa., dns, example.com
> > dn: idnsName=183+nsuniqueid=c0f24006-f6b011ea-9c15fb86-bfdbf4a5,idnsname=15.0.10.in-addr.arpa.,cn=dns,dc=example,dc=com
> > pTRRecord: DESKTOP-test.example.com.
> > dNSTTL: 300
> > objectClass: idnsRecord
> > objectClass: top
> > objectClass: ldapsubentry
> > idnsName: 183
> >
> > # 101 + 4a137207-f6c511ea-9c15fb86-bfdbf4a5, 15.0.10.in-addr.arpa., dns, example.com
> > dn: idnsName=101+nsuniqueid=4a137207-f6c511ea-9c15fb86-bfdbf4a5,idnsname=15.0.10.in-addr.arpa.,cn=dns,dc=example,dc=com
> > pTRRecord: test-laptop.example.com.
> > dNSTTL: 300
> > objectClass: idnsRecord
> > objectClass: top
> > objectClass: ldapsubentry
> > idnsName: 101
> >
> > # 74 + 1ccac207-f6cd11ea-9c15fb86-bfdbf4a5, 15.0.10.in-addr.arpa., dns, example.com
> > dn: idnsName=74+nsuniqueid=1ccac207-f6cd11ea-9c15fb86-bfdbf4a5,idnsname=15.0.10.in-addr.arpa.,cn=dns,dc=example,dc=com
> > pTRRecord: jsmith-laptop.example.com.
> > dNSTTL: 300
> > objectClass: idnsRecord
> > objectClass: top
> > objectClass: ldapsubentry
> > idnsName: 74
> >
> > # 63 + bdd08006-f79411ea-9c15fb86-bfdbf4a5, 15.0.10.in-addr.arpa., dns, example.com
> > dn: idnsName=63+nsuniqueid=bdd08006-f79411ea-9c15fb86-bfdbf4a5,idnsname=15.0.10.in-addr.arpa.,cn=dns,dc=example,dc=com
> > pTRRecord: kwang-laptop.example.com.
> > dNSTTL: 300
> > objectClass: idnsRecord
> > objectClass: top
> > objectClass: ldapsubentry
> > idnsName: 63
> >
> > # 160 + ea49d205-f85011ea-9c15fb86-bfdbf4a5, 15.0.10.in-addr.arpa., dns, example.com
> > dn: idnsName=160+nsuniqueid=ea49d205-f85011ea-9c15fb86-bfdbf4a5,idnsname=15.0.10.in-addr.arpa.,cn=dns,dc=example,dc=com
> > pTRRecord: john-laptop.example.com.
> > dNSTTL: 300
> > objectClass: idnsRecord
> > objectClass: top
> > objectClass: ldapsubentry
> > idnsName: 160
> >
> > # 32 + e7f77005-f87011ea-9c15fb86-bfdbf4a5, 15.0.10.in-addr.arpa., dns, example.com
> > dn: idnsName=32+nsuniqueid=e7f77005-f87011ea-9c15fb86-bfdbf4a5,idnsname=15.0.10.in-addr.arpa.,cn=dns,dc=example,dc=com
> > pTRRecord: key10-laptop.example.com.
> > dNSTTL: 300
> > objectClass: idnsRecord
> > objectClass: top
> > objectClass: ldapsubentry
> > idnsName: 32
> >
> > # 66 + 3fc5b812-c04911eb-b84afb86-bfdbf4a5, 15.0.10.in-addr.arpa., dns, example.com
> > dn: idnsName=66+nsuniqueid=3fc5b812-c04911eb-b84afb86-bfdbf4a5,idnsname=15.0.10.in-addr.arpa.,cn=dns,dc=example,dc=com
> > pTRRecord: load8-laptop.example.com.
> > dNSTTL: 300
> > objectClass: idnsRecord
> > objectClass: top
> > objectClass: ldapsubentry
> > idnsName: 66
> >
> > # search result
> > search: 4
> > result: 0 Success
> >
> > # numResponses: 10
> > # numEntries: 9
> >
> > [root@ipa0 ~]$
> >
> > On Fri, Aug 27, 2021 at 9:58 AM Rob Crittenden <[email protected]> wrote:
> >
> > Kathy Zhu wrote:
> > > Hi Rob,
> > >
> > > There are 5 more reverse zones which can not be deleted as well. IPA
> > > said "Not allowed on non-leaf entry".
> > > Though that is the same complaint,
> > > however, there are no "glue, extensibleobject" objectclasses associated
> > > with those 5 zones. Please see attached for details. I like to have
> > > those deleted as well.
> >
> > 389 seems to think there are records under those even though IPA isn't
> > seeing them. 389 doesn't show conflict values. I think I'd try
> > ldapsearch to see if there is anything below it.
> >
> > kinit admin
> > ldapsearch -Y GSSAPI -b idnsname=15.0.10.in-addr.arpa.,cn=dns,dc=example,dc=com
> >
> > If nothing then add this filter to the end, '(objectclass=ldapsubentry)'
> >
> > rob
> >
> > >
> > > Thanks.
> > >
> > > Kathy.
> > >
> > > [root@ipa0 export-ipa-data]# ipa dnsrecord-find 15.0.10.in-addr.arpa. --all
> > > dn: idnsname=15.0.10.in-addr.arpa.,cn=dns,dc=example,dc=com
> > > Record name: @
> > > NS record: ipa0.example.com., ipa2.example.com., ipa3.example.com., hou1-ipa1.example.com., sfo1-ipa1.example.com., hou2-ipa1.example.com., hq-ipa1.example.com., gcc2-ipa1.example.com.
> > > idnsallowdynupdate: TRUE
> > > idnsallowquery: any;
> > > idnsallowtransfer: none;
> > > idnssoaexpire: 1209600
> > > idnssoaminimum: 3600
> > > idnssoamname: ipa0.example.com.
> > > idnssoarefresh: 3600
> > > idnssoaretry: 900
> > > idnssoarname: hostmaster
> > > idnssoaserial: 1629023582
> > > idnsupdatepolicy: grant EXAMPLE.COM krb5-subdomain 15.0.10.in-addr.arpa. PTR; grant dhcp-key wildcard * ANY;
> > > idnszoneactive: FALSE
> > > objectclass: top, idnsrecord, idnszone
> > > ----------------------------
> > > Number of entries returned 1
> > > ----------------------------
> > >
> > > [root@ipa0 export-ipa-data]# ipa dnsrecord-find 14.0.10.in-addr.arpa. --all
> > > dn: idnsname=14.0.10.in-addr.arpa.,cn=dns,dc=example,dc=com
> > > Record name: @
> > > NS record: ipa0.example.com., ipa2.example.com., ipa3.example.com., hou1-ipa1.example.com., sfo1-ipa1.example.com., hou2-ipa1.example.com., hq-ipa1.example.com., gcc2-ipa1.example.com.
> > > idnsallowdynupdate: TRUE
> > > idnsallowquery: any;
> > > idnsallowtransfer: none;
> > > idnssoaexpire: 1209600
> > > idnssoaminimum: 3600
> > > idnssoamname: ipa0.example.com.
> > > idnssoarefresh: 3600
> > > idnssoaretry: 900
> > > idnssoarname: hostmaster
> > > idnssoaserial: 1629023582
> > > idnsupdatepolicy: grant EXAMPLE.COM krb5-subdomain 14.0.10.in-addr.arpa.
> > > PTR; grant dhcp-key wildcard * ANY;
> > > idnszoneactive: FALSE
> > > objectclass: top, idnsrecord, idnszone
> > > ----------------------------
> > > Number of entries returned 1
> > > ----------------------------
> > >
> > > [root@ipa0 export-ipa-data]# ipa dnsrecord-find 13.0.10.in-addr.arpa. --all
> > > dn: idnsname=13.0.10.in-addr.arpa.,cn=dns,dc=example,dc=com
> > > Record name: @
> > > NS record: ipa0.example.com., ipa2.example.com., ipa3.example.com., hou1-ipa1.example.com., sfo1-ipa1.example.com., hou2-ipa1.example.com., hq-ipa1.example.com., gcc2-ipa1.example.com.
> > > idnsallowdynupdate: TRUE
> > > idnsallowquery: any;
> > > idnsallowtransfer: none;
> > > idnssoaexpire: 1209600
> > > idnssoaminimum: 3600
> > > idnssoamname: ipa0.example.com.
> > > idnssoarefresh: 3600
> > > idnssoaretry: 900
> > > idnssoarname: hostmaster
> > > idnssoaserial: 1629023582
> > > idnsupdatepolicy: grant EXAMPLE.COM krb5-subdomain 13.0.10.in-addr.arpa.
> > > PTR; grant dhcp-key wildcard * ANY;
> > > idnszoneactive: FALSE
> > > objectclass: top, idnsrecord, idnszone
> > > ----------------------------
> > > Number of entries returned 1
> > > ----------------------------
> > >
> > > [root@ipa0 export-ipa-data]# ipa dnsrecord-find 12.0.10.in-addr.arpa. --all
> > > dn: idnsname=12.0.10.in-addr.arpa.,cn=dns,dc=example,dc=com
> > > Record name: @
> > > NS record: ipa0.example.com., ipa2.example.com., ipa3.example.com., hou1-ipa1.example.com., sfo1-ipa1.example.com., hou2-ipa1.example.com., hq-ipa1.example.com., gcc2-ipa1.example.com.
> > > idnsallowdynupdate: TRUE
> > > idnsallowquery: any;
> > > idnsallowtransfer: none;
> > > idnssoaexpire: 1209600
> > > idnssoaminimum: 3600
> > > idnssoamname: ipa0.example.com.
> > > idnssoarefresh: 3600
> > > idnssoaretry: 900
> > > idnssoarname: hostmaster
> > > idnssoaserial: 1629023582
> > > idnsupdatepolicy: grant EXAMPLE.COM krb5-subdomain 12.0.10.in-addr.arpa.
> > > PTR; grant dhcp-key wildcard * ANY;
> > > idnszoneactive: FALSE
> > > objectclass: top, idnsrecord, idnszone
> > > ----------------------------
> > > Number of entries returned 1
> > > ----------------------------
> > >
> > > [root@ipa0 export-ipa-data]# ipa dnsrecord-find 0.0.10.in-addr.arpa. --all
> > > dn: idnsname=0.0.10.in-addr.arpa.,cn=dns,dc=example,dc=com
> > > Record name: @
> > > NS record: ipa0.example.com., ipa2.example.com., ipa3.example.com., hou1-ipa1.example.com., sfo1-ipa1.example.com., hou2-ipa1.example.com., hq-ipa1.example.com., gcc2-ipa1.example.com.
> > > idnsallowdynupdate: TRUE
> > > idnsallowquery: any;
> > > idnsallowtransfer: none;
> > > idnssoaexpire: 1209600
> > > idnssoaminimum: 3600
> > > idnssoamname: ipa0.example.com.
> > > idnssoarefresh: 3600
> > > idnssoaretry: 900
> > > idnssoarname: hostmaster.example.com.
> > > idnssoaserial: 1629023582
> > > idnsupdatepolicy: grant EXAMPLE.COM krb5-subdomain 0.0.10.in-addr.arpa.
> > > PTR; grant dhcp-key wildcard * ANY;
> > > idnszoneactive: FALSE
> > > objectclass: top, idnsrecord, idnszone
> > > ----------------------------
> > > Number of entries returned 1
> > > ----------------------------
> > >
> > > [root@ipa0 export-ipa-data]#
> > >
> > > On Thu, Aug 19, 2021 at 6:08 PM Kathy Zhu <[email protected]> wrote:
> > >
> > > Yes, I want to delete the zone. I tried a few ways, none worked so far.
> > >
> > > On Thu, Aug 19, 2021 at 5:15 PM Rob Crittenden <[email protected]> wrote:
> > >
> > > Kathy Zhu via FreeIPA-users wrote:
> > > > Hi List,
> > > >
> > > > When I run ipa-healthcheck on all of our ipa servers, they all reported
> > > > following:
> > > >
> > > > [root@ipa0 ~]# ipa-healthcheck --failures-only --output-type human
> > > > ERROR: ipahealthcheck.ds.replication.ReplicationConflictCheck.idnsname=1.1.10.in-addr.arpa.,cn=dns,dc=example,dc=com: Replication conflict
> > > > [root@ipa0 ~]#
> > > > [root@ipa0 ~]# ipa-healthcheck --failures-only
> > > > [
> > > >   {
> > > >     "source": "ipahealthcheck.ds.replication",
> > > >     "kw": {
> > > >       "msg": "Replication conflict",
> > > >       "glue": true,
> > > >       "conflict": "deletedEntryHasChildren",
> > > >       "key": "idnsname=1.1.10.in-addr.arpa.,cn=dns,dc=example,dc=com"
> > > >     },
> > > >     "uuid": "3027f742-4b7b-4a20-9650-a5a030699480",
> > > >     "duration": "0.002318",
> > > >     "when": "20210819234114Z",
> > > >     "check": "ReplicationConflictCheck",
> > > >     "result": "ERROR"
> > > >   }
> > > > ]
> > > > [root@ipa0 ~]#
> > > > [root@ipa0 ~]# ipa dnsrecord-find
> > > > 1.1.10.in-addr.arpa. --sizelimit=99999 --all --structured
> > > > dn: idnsname=1.1.10.in-addr.arpa.,cn=dns,dc=example,dc=com
> > > > Record name: @
> > > > Records:
> > > > Record type: NS
> > > > Record data: ipa1.example.com.
> > > > NS Hostname: ipa1.example.com.
> > > > idnsallowdynupdate: TRUE
> > > > idnsallowquery: any;
> > > > idnsallowtransfer: none;
> > > > idnssoaexpire: 1209600
> > > > idnssoaminimum: 3600
> > > > idnssoamname: ipa0.example.com.
> > > > idnssoarefresh: 3600
> > > > idnssoaretry: 900
> > > > idnssoarname: hostmaster
> > > > idnssoaserial: 1629023582
> > > > idnsupdatepolicy: grant EXAMPLE.COM krb5-subdomain 1.1.10.in-addr.arpa. PTR; grant dhcp-key wildcard * ANY;
> > > > idnszoneactive: FALSE
> > > > objectclass: top, idnsrecord, idnszone, glue, extensibleobject
> > > > ----------------------------
> > > > Number of entries returned 1
> > > > ----------------------------
> > > >
> > > > [root@ipa0 ~]#
> > > >
> > > > Notice above, glue is true!
> > > > After googling, I found following:
> > > >
> > > > https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/identity_management_guide/ipa-replica-manage#Solving_Orphan_Entry_Conflicts
> > > >
> > > > https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/html/administration_guide/managing_replication-solving_common_replication_conflicts#Solving_Common_Replication_Conflicts-Solving_Orphan_Entry_Conflicts
> > > >
> > > > The explanation made sense to me. However, I do not know what happened
> > > > to get us into this situation.
> > > >
> > > > A good zone displays objectclass like this:
> > > >
> > > > objectclass: top, idnsrecord, idnszone
> > > >
> > > > Note, no "glue, extensibleobject" there.
> > > >
> > > > This zone can not be deleted since "Not allowed on non-leaf entry". Any
> > > > ideas to delete this zone?
> > >
> > > Do you want to delete the zone?
> > >
> > > rob
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
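
The cleanup worked out in this thread (search a zone for `ldapsubentry` entries, then `ldapdelete` each DN before deleting the zone), as an added example that is not part of the original emails: it turns saved `ldapsearch` output into a dry-run list of `ldapdelete` commands to review. The function names, the `SAMPLE_ZONE` value and the sample LDIF (placeholder nsuniqueid values, `example.test`) are constructed for illustration.

```shell
# Added example, not from the thread. Input is the saved output of:
#   ldapsearch -Y GSSAPI -b "$ZONE_DN" '(objectclass=ldapsubentry)'

# Join LDIF continuation lines (a leading space continues the previous line)
# and drop comments, including comments that were themselves folded.
unfold_ldif() {
    awk '
        /^ / { if (have && !skip) buf = buf substr($0, 2); next }
        /^#/ { skip = 1; next }
             { if (have) print buf; buf = $0; have = 1; skip = 0 }
        END  { if (have) print buf }
    '
}

# Print DNs below zone DN $1 whose first RDN carries "+nsuniqueid=", the form
# of the hidden entries in the thread. The zone entry itself never matches.
conflict_dns() {
    unfold_ldif | ZONE_DN=$1 awk '
        BEGIN { base = "," tolower(ENVIRON["ZONE_DN"]) }
        /^dn:: / { print "base64 DN skipped, review by hand" | "cat 1>&2"; next }
        /^dn: / {
            dn = substr($0, 5)
            rdn = tolower(dn); sub(/,.*/, "", rdn)
            tail = substr(tolower(dn), length(dn) - length(base) + 1)
            if (index(rdn, "+nsuniqueid=") > 0 && tail == base) print dn
        }
    '
}

# Dry run: print one ldapdelete command per DN; nothing is executed.
print_delete_plan() {
    conflict_dns "$1" | while IFS= read -r dn; do
        printf "ldapdelete -Y GSSAPI '%s'\n" "$dn"
    done
}

# Constructed sample: placeholder nsuniqueid values, example.test domain.
SAMPLE_ZONE='idnsname=2.0.192.in-addr.arpa.,cn=dns,dc=example,dc=test'
sample_ldif() {
    printf '%s\n' \
        '# 200 + 11111111-22222222-33333333-44444444, 2.0.192.in-addr.arpa., dns,' \
        '  example.test' \
        'dn: idnsName=200+nsuniqueid=11111111-22222222-33333333-44444444,idnsname=2.0.' \
        ' 192.in-addr.arpa.,cn=dns,dc=example,dc=test' \
        'pTRRecord: host-a.example.test.' \
        '' \
        'dn: idnsname=2.0.192.in-addr.arpa.,cn=dns,dc=example,dc=test' \
        'objectClass: idnszone' \
        '' \
        'dn: idnsName=7+nsuniqueid=55555555-66666666-77777777-88888888,idnsname=2.0.19' \
        ' 2.in-addr.arpa.,cn=dns,dc=example,dc=test' \
        '' \
        'dn: idnsName=9+nsuniqueid=99999999-aaaaaaaa-bbbbbbbb-cccccccc,idnsname=9.9.9.' \
        ' in-addr.arpa.,cn=dns,dc=example,dc=test'
}

# Show the plan for the sample zone.
sample_ldif | print_delete_plan "$SAMPLE_ZONE"
```

Printing the plan instead of deleting keeps a review step between the search and the removal; the entry in the other zone and the zone entry itself are left out of it.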
