> By default, we contact the server we establish the LDAP connection
> with. I’m sorry, I got a bit lost in the thread — what was the difference between the
> right server and the wrong server in your setup?
In our case, the DNS server is not LDAP - it is a separate Windows DNS server.
There is also a split DNS server resolving all in/out requests from internal clients.
This one is known as the resolver on all clients, but can't be used for dyndns updates.
> In general, SSSD tries to do as little as possible and we try to let
> nsupdate do its job right.
But SSSD supplies the data for the update record for nsupdate, right?
---this doesn't work---
server nat-vdc0b.nat.domain.org
realm NAT.DOMAIN.ORG
update delete skywalker. in A
send
update delete skywalker. in AAAA
send
update add skywalker. 3600 in A 10.80.8.91
send
----
---- works, after hocus-pocus with /etc/{hosts,hostname,dhclient}---
server nat-vdc0b.nat.c.sdu.dk
realm NAT.C.SDU.DK
update delete skywalker.nat.domain.org in A
send
update delete skywalker.nat.domain.org in AAAA
send
update add skywalker.nat.domain.org 3600 in A 10.80.8.91
send
----
How does SSSD resolve the domain name of the machine when supplying the nsupdate record?
It would be nice to be sure that if 'dnsdomainname' returned a domain name, this one
was used for 'nsupdate'.
In my initial config the following commands returned correctly:
hostname -s
hostname -f
dnsdomainname
...but the nsupdate record was wrong. It was confusing...
PTR dyndns still doesn’t work:
---- doesn’t work---
server nat-vdc0b.nat.domain.org
realm NAT.DOMAIN.ORG
update delete 91.8.80.10.in-addr.arpa. in PTR
update add 91.8.80.10-in-addr.arpa. 3600 in PTR skywalker.nat.c.sdu.dk.
send
---
Servers nat-vdc0{a,b,c} are LDAP servers for nat.domain.org, not DNS servers.
Best
Longina
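
Added example, not part of the original message and not SSSD code: a small Python linter for nsupdate batches shaped like the ones quoted above. It flags single-label owner names such as `skywalker.` and PTR owners that do not sit under `in-addr.arpa` or `ip6.arpa`; the function names and the sample constants are hypothetical, and the sample batches are constructed from the shapes shown in the message.

```python
KEYWORDS = {"server", "realm", "update", "send"}
RRTYPES = {"A", "AAAA", "PTR"}
REVERSE_SUFFIXES = (".in-addr.arpa", ".ip6.arpa")

def parse_updates(batch):
    """Return (action, owner, rrtype) for each 'update' command.

    Splits on any whitespace, so a command that a mail client wrapped
    over several lines is still read as one command.
    """
    tokens, updates, i = batch.split(), [], 0
    while i < len(tokens):
        if tokens[i].lower() != "update" or i + 2 >= len(tokens):
            i += 1
            continue
        action, owner = tokens[i + 1].lower(), tokens[i + 2]
        j = i + 3
        while j < len(tokens) and tokens[j].lower() not in KEYWORDS:
            j += 1
        rrtype = next((t.upper() for t in tokens[i + 3:j] if t.upper() in RRTYPES), None)
        updates.append((action, owner, rrtype))
        i = j
    return updates

def lint(batch):
    """Flag owner names that cannot land in the intended zone."""
    findings = []
    for _action, owner, rrtype in parse_updates(batch):
        name = owner.rstrip(".").lower()
        if rrtype == "PTR" and not name.endswith(REVERSE_SUFFIXES):
            findings.append((owner, "PTR owner outside in-addr.arpa/ip6.arpa"))
        elif rrtype != "PTR" and "." not in name:
            findings.append((owner, "single-label owner, domain part missing"))
    return findings

# Constructed samples in the shape of the batches quoted in the message.
SHORT_NAME = """server nat-vdc0b.nat.domain.org
realm NAT.DOMAIN.ORG
update delete skywalker. in A
send
update add skywalker. 3600 in A 10.80.8.91
send"""
FQDN = """update add
skywalker.nat.domain.org 3600 in A 10.80.8.91
send"""
PTR = """update delete 91.8.80.10.in-addr.arpa. in PTR
update add 91.8.80.10-in-addr.arpa. 3600 in PTR skywalker.nat.c.sdu.dk.
send"""

if __name__ == "__main__":
    for label, batch in (("short", SHORT_NAME), ("fqdn", FQDN), ("ptr", PTR)):
        print(label, lint(batch))
```

Running such a check over the batch that SSSD logs before it calls nsupdate shows whether the name being registered is the one `hostname -f` reports.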