Hi Rob, thanks for taking a look. Re: sanity check, I meant:
13-Dec-2018 00:31:34.398 client 10.30.10.27#53265/key host/mdc-ipa-01.idm.planetrisk.com\@IDM.PLANETRISK.COM: updating zone 'idm.planetrisk.com/IN': update rejected: post update name server sanity check failed
13-Dec-2018 00:31:34.511 client 10.30.10.27#40273/key host/mdc-ipa-01.idm.planetrisk.com\@IDM.PLANETRISK.COM: updating zone 'idm.planetrisk.com/IN': deleting rrset at 'mdc-ipa-01.idm.planetrisk.com' A
And then you can see there in the log snippet from the first post that it immediately
tries again and succeeds.
The log does not indicate a successful delete; I just know the record is gone.
It has occurred to me that this is from the BIND/named log, so the sanity check has nothing
to do with FreeIPA.
And probably that sanity check is BIND saying “you can’t/shouldn’t delete the A record
associated with the NS records”.
So now I’m back to asking myself why/who/what is causing the record to be deleted in the
first place.
Let me do some more digging and see if I can find the culprit. I suspect something to do
with sssd and dynamic updates.
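
Added example, not part of the original message: a small Python parser for named update-log lines in the format quoted above, grouping deletions of a given record by source address and Kerberos key to help answer "who is deleting it". The first two sample lines are the ones from the message; the third is constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# named update log: timestamp, client ip#port, optional signing key, zone, action
LINE = re.compile(
    r"^(?P<ts>\S+ \S+) client (?:@0x[0-9a-fA-F]+ )?(?P<ip>[^#\s]+)#(?P<port>\d+)"
    r"(?:/key (?P<key>\S+))?: updating zone '(?P<zone>[^']+)': (?P<action>.+)$"
)
DELETE = re.compile(r"^deleting rrset at '(?P<name>[^']+)' (?P<rtype>\S+)")

def parse(lines):
    """Turn raw log lines into event dicts; lines that are not updates are skipped."""
    events = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        d = DELETE.match(ev["action"])
        if d:
            ev.update(kind="delete", name=d["name"], rtype=d["rtype"])
        elif ev["action"].startswith("update rejected"):
            ev["kind"] = "rejected"
        else:
            ev["kind"] = "other"
        events.append(ev)
    return events

def who_deleted(events, name, rtype="A"):
    """Map (client ip, key) -> timestamps of delete requests for name/rtype."""
    out = defaultdict(list)
    for ev in events:
        if (ev["kind"] == "delete" and ev["rtype"] == rtype
                and ev["name"].lower() == name.lower()):
            out[(ev["ip"], ev["key"])].append(ev["ts"])
    return dict(out)

# Lines 1-2 are from the message above; line 3 is constructed for contrast.
SAMPLE = r"""
13-Dec-2018 00:31:34.398 client 10.30.10.27#53265/key host/mdc-ipa-01.idm.planetrisk.com\@IDM.PLANETRISK.COM: updating zone 'idm.planetrisk.com/IN': update rejected: post update name server sanity check failed
13-Dec-2018 00:31:34.511 client 10.30.10.27#40273/key host/mdc-ipa-01.idm.planetrisk.com\@IDM.PLANETRISK.COM: updating zone 'idm.planetrisk.com/IN': deleting rrset at 'mdc-ipa-01.idm.planetrisk.com' A
13-Dec-2018 00:40:02.120 client 192.0.2.15#41000/key host/client-01.example.test\@EXAMPLE.TEST: updating zone 'example.test/IN': deleting rrset at 'client-01.example.test' A
""".strip().splitlines()

if __name__ == "__main__":
    for src, stamps in who_deleted(parse(SAMPLE), "mdc-ipa-01.idm.planetrisk.com").items():
        print(src, stamps)
```

The key in each line is the identity that signed the update, so the grouping shows both the host the request came from and the principal it used.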