I have a FreeIPA server with the following information.
- FreeIPA server: utility.lab.example.com
- FreeIPA realm: LAB.EXAMPLE.COM
- FreeIPA domain: lab.example.com.
I want to insert a few DNS records:
- hosta.lab.example.com - 172.25.250.10
- hostb.lab.example.com - 172.25.250.11
- hostc.lab.example.com - 172.25.250.12
- hostd.lab.example.com - 172.25.250.13
- bastion.lab.example.com - 172.25.250.254
And I’d like to use the command line to do this.
- Acquire the admin’s Kerberos ticket.
[root@utility ~]# kinit admin
Password for admin@LAB.EXAMPLE.COM:
- List the DNS zones.
[root@utility ~]# ipa dnszone-find
Zone name: 250.25.172.in-addr.arpa.
Active zone: TRUE
Authoritative nameserver: utility.lab.example.com.
Administrator e-mail address: hostmaster.lab.example.com.
SOA serial: 1606798502
SOA refresh: 3600
SOA retry: 900
SOA expire: 1209600
SOA minimum: 3600
Allow query: any;
Allow transfer: none;
Zone name: lab.example.com.
Active zone: TRUE
Authoritative nameserver: utility.lab.example.com.
Administrator e-mail address: hostmaster.lab.example.com.
SOA serial: 1606798523
SOA refresh: 3600
SOA retry: 900
SOA expire: 1209600
SOA minimum: 3600
Allow query: any;
Allow transfer: none;
----------------------------
Number of entries returned 2
----------------------------
- Find DNS records whose name contains “hosta” (e.g. hosta.lab.example.com). None exist yet.
[root@utility ~]# ipa dnsrecord-find lab.example.com. --name hosta
----------------------------
Number of entries returned 0
----------------------------
- Add a record named hosta.lab.example.com with IP 172.25.250.10, then confirm it exists.
[root@utility ~]# ipa dnsrecord-add lab.example.com. \
> hosta \
> --a-rec 172.25.250.10
Record name: hosta
A record: 172.25.250.10
[root@utility ~]# ipa dnsrecord-find lab.example.com. --name hosta
Record name: hosta
A record: 172.25.250.10
----------------------------
Number of entries returned 1
----------------------------
- Repeat the above steps for hostb, hostc, and hostd.
[root@utility ~]# ipa dnsrecord-add lab.example.com. hostb --a-rec 172.25.250.11
Record name: hostb
A record: 172.25.250.11
[root@utility ~]# ipa dnsrecord-add lab.example.com. hostc --a-rec 172.25.250.12
Record name: hostc
A record: 172.25.250.12
[root@utility ~]# ipa dnsrecord-add lab.example.com. hostd --a-rec 172.25.250.13
Record name: hostd
A record: 172.25.250.13
- Add a record named bastion.lab.example.com with IP 172.25.250.254.
[root@utility ~]# ipa dnsrecord-add lab.example.com. bastion --a-rec 172.25.250.254
Record name: bastion
A record: 172.25.250.254
I just realized that none of my DNS records have reverse (PTR) records created for them. There are two ways to fix this. The first is to create a PTR record in the reverse zone for each A record above. The second is to delete the existing A record and re-add it with the PTR record created automatically.
Let’s try the first option by creating a PTR record for 172.25.250.10 in the 250.25.172.in-addr.arpa zone.
[root@utility ~]# ipa dnsrecord-add 250.25.172.in-addr.arpa 10 --ptr-rec hosta.lab.example.com.
Record name: 10
PTR record: hosta.lab.example.com
Here is the second option. As stated, we have to delete the existing A record, e.g. bastion.lab.example.com, then re-add it with the --a-create-reverse option.
[root@utility ~]# ipa dnsrecord-del lab.example.com. bastion --a-rec 172.25.250.254
------------------------
Deleted record "bastion"
------------------------
[root@utility ~]# ipa dnsrecord-add lab.example.com. bastion \
> --a-rec 172.25.250.254 \
> --a-create-reverse
Record name: bastion
A record: 172.25.250.254
Let’s verify our newly created PTR records by listing the reverse zone. We expect to see entries for 10 and 254.
[root@utility ~]# ipa dnsrecord-find 250.25.172.in-addr.arpa.
Record name: @
NS record: utility.lab.example.com.
Record name: 10
PTR record: hosta.lab.example.com.
Record name: 254
PTR record: bastion.lab.example.com.
Record name: 8
PTR record: utility.lab.example.com.
----------------------------
Number of entries returned 4
----------------------------
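Doing the above by hand means working out the in-addr.arpa zone and record name for every address. As an added example (not part of the original post), the script below derives them from the IPv4 address, rejects malformed addresses before anything is sent to the server, and emits the ipa commands that add each A record with its PTR record. It assumes a /24 reverse zone and an admin ticket, and the zone and host names are taken from the post; by default it only prints the commands.

```shell
#!/bin/sh
# Added example, not part of the original post: derive the in-addr.arpa zone and
# PTR record name from an IPv4 address, then emit the ipa(1) commands that add
# each host's A record together with its PTR record, and list the reverse zone.
# Assumptions: a /24 reverse zone (as in the post), an admin ticket from
# "kinit admin", and the zone and host names below, which are taken from the post.
# Commands are only printed unless DRY_RUN is set to empty: DRY_RUN= sh add-hosts.sh
FORWARD_ZONE="lab.example.com."
DRY_RUN="${DRY_RUN-1}"
# Constructed host list (one "name address" per line) from the post.
HOSTS='hosta 172.25.250.10
hostb 172.25.250.11
hostc 172.25.250.12
hostd 172.25.250.13
bastion 172.25.250.254'

# Print "<reverse zone> <record name>" for a dotted-quad IPv4 address, e.g.
# 172.25.250.10 -> "250.25.172.in-addr.arpa. 10"; returns 1 on malformed input.
reverse_name() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    set -- $(printf '%s' "$1" | tr '.' ' ')
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
    printf '%s.%s.%s.in-addr.arpa. %s\n' "$3" "$2" "$1" "$4"
}

# Print the command when DRY_RUN is non-empty, otherwise execute it.
run() { if [ -n "$DRY_RUN" ]; then printf '%s\n' "$*"; else "$@"; fi; }

# Add the A record and the matching PTR record for one host. A malformed
# address is rejected before any command is sent to the server.
add_host() {
    name="$1" ip="$2"
    rev=$(reverse_name "$ip") || { echo "bad address for $name: $ip" >&2; return 1; }
    set -- $rev
    run ipa dnsrecord-add "$FORWARD_ZONE" "$name" --a-rec "$ip" &&
        run ipa dnsrecord-add "$1" "$2" --ptr-rec "$name.$FORWARD_ZONE"
}

# Process every host, then list the reverse zone so the PTRs can be verified.
add_all() {
    rc=0
    while read -r name ip; do
        add_host "$name" "$ip" || rc=1
    done <<EOF
$HOSTS
EOF
    run ipa dnsrecord-find "$(reverse_name 172.25.250.0 | cut -d' ' -f1)"
    return "$rc"
}
add_all
```

Run it once with DRY_RUN set to review the exact commands, then with `DRY_RUN= sh add-hosts.sh` on the server to apply them.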
If you’re reading this, I hope you learned a few things about adding DNS records with FreeIPA.