On Wed, Apr 28, 2021 at 12:59:36PM +0300, Alexander Bokovoy via FreeIPA-users wrote:
On Wed, 28 Apr 2021, Dominik Vogt via FreeIPA-users wrote:
> We install a freeipa-server with a constant set of clients that
> never changes, and install the DNS server with ipa-server-install.
> Dynamic DNS updates are automatically enabled.
>
> I'm not sure what the best way is to get rid of the dynamic update
> capabilities completely. During installation ipa-dns-install has
> added a block about dynamic updates at the end of named.conf. Can
> we just remove this block to disable the feature? Is anything
> else required?

Dynamic DNS updates are controlled by the properties of a DNS zone, not
in named.conf.

$ ipa dnszone-mod --help|grep dynamic
  --dynamic-update=BOOL
                        Allow dynamic updates.

Okay, understood, but our customer _will_ complain about the
dyndns block in named.conf, the socket it creates and about
authentication with gssapi, so we _have_ to remove that if
possible, or to "defuse" it.
Ciao
Dominik ^_^ ^_^
--
Dominik Vogt
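
Added example, not part of the thread and not FreeIPA project code: the per-zone `--dynamic-update` property quoted above, checked and switched off across every zone, reverse zones included. The function names, the `APPLY` variable and the sample records are constructed for illustration, and the "Zone name" / "Dynamic update" labels in `ipa dnszone-find --all` output are an assumption about the CLI's text format.

```shell
#!/bin/sh
# Assumption: `ipa dnszone-find --all` prints one record per zone containing
# "Zone name: <zone>" and "Dynamic update: TRUE|FALSE" lines.

# Read dnszone-find output on stdin; print each zone that still allows updates.
zones_with_dynupdate() {
    awk -F': ' '
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }   # strip CLI indentation
        $1 == "Zone name"      { zone = $2 }
        $1 == "Dynamic update" && toupper($2) == "TRUE" { print zone }
    '
}

# Read zone names on stdin. Dry run by default; APPLY=1 runs the real command.
disable_dynupdate() {
    while IFS= read -r zone; do
        if [ "${APPLY:-0}" = "1" ]; then
            # </dev/null keeps ipa from swallowing the remaining zone list
            ipa dnszone-mod "$zone" --dynamic-update=FALSE </dev/null
        else
            printf 'ipa dnszone-mod %s --dynamic-update=FALSE\n' "$zone"
        fi
    done
}

# Constructed sample records (not captured from a real server).
sample_output() {
    cat <<'EOF'
  Zone name: example.test.
  Active zone: TRUE
  Authoritative nameserver: ipa.example.test.
  Dynamic update: TRUE
  BIND update policy: grant EXAMPLE.TEST krb5-self * A;

  Zone name: 2.0.192.in-addr.arpa.
  Active zone: TRUE
  Dynamic update: TRUE

  Zone name: static.example.test.
  Active zone: TRUE
  Dynamic update: FALSE
EOF
}

# On an IPA server with an admin ticket, replace sample_output with:
#   ipa dnszone-find --all --sizelimit=0
sample_output | zones_with_dynupdate | disable_dynupdate
```

This covers only the zone property; it does not touch the block in named.conf that the reply asks about.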