Hi, I noticed that changing the authoritative nameserver in FreeIPA reflects correctly to its directory data but BIND will not resolve the SOA record with the updated MNAME details.
For example I add a zone test.be and change the mname record.

[root@ns02 ~]# ipa dnszone-add
Zone name: test.be
  Zone name: test.be.
  Active zone: TRUE
  *Authoritative nameserver: ns02.tokiogroup.be.*
  Administrator e-mail address: hostmaster
  SOA serial: 1440070999
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  BIND update policy: grant TOKIOGROUP.BE krb5-self * A; grant TOKIOGROUP.BE krb5-self * AAAA; grant TOKIOGROUP.BE krb5-self * SSHFP;
  Dynamic update: FALSE
  Allow query: any;
  Allow transfer: none;
[root@ns02 ~]# ipa dnszone-mod --nameserver
anaconda-ks.cfg  .bash_logout  .bashrc  .ipa/  .ssh/
.bash_history  .bash_profile  .cshrc  .pki/  .tcshrc
[root@ns02 ~]# ipa dnszone-mod --name-server *ns7.tokiogroup.be*.
Zone name: test.be
ipa: WARNING: Semantic of setting Authoritative nameserver was changed. It is used only for setting the SOA MNAME attribute.
NS record(s) can be edited in zone apex - '@'.
  Zone name: test.be.
  Active zone: TRUE
  *Authoritative nameserver: ns7.tokiogroup.be.*
  Administrator e-mail address: hostmaster
  SOA serial: 1440071001
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  Allow query: any;
  Allow transfer: none;
[root@ns02 ~]# nslookup
> set q=SOA
> test.be
Server:   127.0.0.1
Address:  127.0.0.1#53

test.be
  *origin = ns02.tokiogroup.be*
  mail addr = hostmaster.test.be
  serial = 1440071001
  refresh = 3600
  retry = 900
  expire = 1209600
  minimum = 3600

As you can see the SOA record still shows the original default value.

Kind Regards,
David Dejaeghere
--
Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
