17.7. Managing DNS Record Entries

17.7.1. Adding Records to DNS Zones

IdM supports several different types of DNS records, listed in Table 17.2, “DNS Record Types”.

Table 17.2. DNS Record Types

A, AAAA, A6, AFSDB, CERT, CNAME, DNAME, DS, KX, LOC, MX, NAPTR, NS, NSEC, PTR, RRSIG, SIG, SRV, SSHFP, TXT

17.7.1.1. Adding DNS Resource Records from the Web UI

Note

To make new resource records immediately resolvable without restarting the name service, enable persistent searches with the named service or configure the BIND service to poll the Directory Server automatically for zone changes. See Section 17.8.2, “Disabling Persistent Searches”.

  1. Open the Identity tab, and select the DNS subtab.
  2. Click the name of the DNS zone to which to add records.
  3. In the DNS Resource Records tab, click the Add link.
  4. Select the type of record to create in the Record Type drop-down menu. The required data is different, depending on the record type. For example, a CNAME record requires a hostname. The data field name updates automatically to indicate what kind of information to supply.
    Although IdM supports many different record types, there are four frequent record types that are used:
    • A. This is a basic map for a hostname and an ordinary IPv4 address. The Record Name is a hostname, such as www. The IP Address value is a standard IPv4 address, such as 192.168.1.2.
      More information about A records is in RFC 1035.
    • AAAA. This is a basic map for a hostname and an IPv6 address. The Record Name is a hostname, such as www. The IP Address value is a standard hexadecimal IPv6 address, such as fe80::20c:29ff:fe02:a1b3.
      More information about AAAA records is in RFC 3596.
    • SRV. Service (SRV) resource records map service names to the DNS name of the server that is providing that particular service. The Record Name has the format _service._protocol, such as _ldap._tcp. There are individual fields to set the priority, weight, port number, and hostname for the target service.
      More information about SRV records is in RFC 2782.
    • PTR. A pointer record type (PTR) record adds a reverse DNS record, which maps an IP address to a domain name. In this case, the Record Name is the record ID number for the DNS entry of the resource and the Hostname value is the hostname with a terminal period, such as server.example.com..
      More information about PTR records is in RFC 1035.
  5. Click the Add button to save the new resource record.

17.7.1.2. Adding DNS Resource Records from the Command Line

The same script, ipa dnsrecord-add, is used to add resource records of any type, but the options for the script and the required data are different, based on the resource record type.

17.7.1.2.1. About the Commands to Add DNS Records

The ipa dnsrecord-add command adds records to DNS zones, based on the type. Adding a record has the same basic command format:

$ ipa dnsrecord-add zoneName recordName --recordType-option=data

The zoneName is the name of the DNS zone to which the record is being added. The recordName is an identifier for the new DNS resource record.
Table 17.3, “Common dnsrecord-add Options” lists options for the most common resource record types: A (IPv4), AAAA (IPv6), SRV, and PTR. Options for other supported record types are listed in the ipa dnsrecord-add help and manpages.

Note

The ipa dnsrecord-add command only creates forward entries, not reverse entries.

Table 17.3. Common dnsrecord-add Options

General Record Options
  • --ttl=number: Sets the time to live for the record.
  • --class=IN | CS | CH | HS: Sets the class of the record. This is usually IN, for Internet protocol.
  • --structured: Parses the raw DNS records and returns them in a structured format.

"A" Record Options
  • --a-rec=ARECORD: Passes a comma-separated list of A records.
  • --a-ip-address=string: Gives the IP address for the record.

"AAAA" Record Options
  • --aaaa-rec=AAAARECORD: Passes a comma-separated list of AAAA (IPv6) records.
  • --aaaa-ip-address=string: Gives the IPv6 address for the record.

"PTR" Record Options
  • --ptr-rec=PTRRECORD: Passes a comma-separated list of PTR records.
  • --ptr-hostname=string: Gives the hostname for the record.

"SRV" Record Options
  • --srv-rec=SRVRECORD: Passes a comma-separated list of SRV records.
  • --srv-priority=number: Sets the priority of the record. There can be multiple SRV records for a service type. The priority (0 - 65535) sets the rank of the record; the lower the number, the higher the priority. A service has to use the record with the highest priority first.
  • --srv-weight=number: Sets the weight of the record. This helps determine the order of SRV records with the same priority. The set weights should add up to 100, representing the probability (in percentages) that a particular record is used.
  • --srv-port=number: Gives the port for the service on the target host.
  • --srv-target=string: Gives the domain name of the target host. This can be a single period (.) if the service is not available in the domain.

17.7.1.2.2. Examples of Adding DNS Resource Records

Note

To make new resource records immediately resolvable without restarting the name service, enable persistent searches with the named service or configure the BIND service to poll the Directory Server automatically for zone changes. See Section 17.8.2, “Disabling Persistent Searches”.

Example 17.6. IPv4 Record

Type A resource records map hostnames to IPv4 addresses. The record value for these commands, then, is a standard IPv4 address. The URL label is usually www.
$ ipa dnsrecord-add example.com www --a-rec 10.64.14.165
This creates the record www.example.com with the IP address 10.64.14.165.
More information about A records is in RFC 1035.

Example 17.7. Modifying IPv4 Record

There are two options that specify an A record value. When creating a record, the option is --a-rec. However, when modifying an A record, the --a-rec option identifies the existing (old) value of the A record. The new value is set with the --ip-address option.
$ ipa dnsrecord-mod example.com www --a-rec 10.1.1.1 --ip-address 10.1.1.2

Example 17.8. IPv6 Record

Type AAAA resource records (quad-A records) map hostnames to IPv6 addresses. The record value for these commands is an IPv6 address. As with Type A records, the URL label is usually www.
$ ipa dnsrecord-add example.com www --aaaa-rec fe80::20c:29ff:fe02:a1b3
This creates the record www.example.com with the IP address fe80::20c:29ff:fe02:a1b3. More information about AAAA records is in RFC 3596.

Example 17.9. SRV Record

Service (SRV) resource records map service names to the DNS name of the server that is providing that particular service. For example, this record type can map a service like an LDAP directory to the server which manages it.
As with Type A and Type AAAA records, SRV records specify a way to connect to and identify the service, but the record format is different.
The recordName identifies the service type and the connection protocol, in the format _service._protocol.
The record information has the format "priority weight port target".
[root@server ~]# ipa dnsrecord-add server.example.com _ldap._tcp --srv-rec="0 51 389 server1.example.com."
[root@server ~]# ipa dnsrecord-add server.example.com _ldap._tcp --srv-rec="1 49 389 server2.example.com."
The set weights should add up to 100, representing the probability (in percentages) that a particular record is used.
More information about SRV records is in RFC 2782.

Example 17.10. PTR Record

A pointer record type (PTR) record adds a reverse DNS record, which maps an IP address to a domain name.
All reverse DNS lookups for IPv4 addresses use reverse entries that are defined in the in-addr.arpa. domain. The reverse address, in human-readable form, is the exact reverse of the regular IP address, with the in-addr.arpa. domain appended to it. For example, for the network address 192.0.2.0/24, the reverse zone is 2.0.192.in-addr.arpa.
$ ipa dnsrecord-add reverseZone recordName --ptr-rec FQDN
The recordName and reverseZone need to create a valid reverse name when concatenated in the following way: recordName.reverseZone
For example, this adds a reverse DNS entry to the 1.0.192.in-addr.arpa. reverse zone for the host server2.example.com with the IP address 192.0.1.2:
$ ipa dnsrecord-add 1.0.192.in-addr.arpa. 2 --ptr-rec server2.example.com.
The next example adds a reverse DNS entry to the 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa. IPv6 reverse zone for the host server2.example.com with the IP address 2001:DB8::1111:
$ ipa dnsrecord-add 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa. 1.1.1.1.0.0.0.0.0.0.0.0.0.0.0.0 --ptr-rec server2.example.com.
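Splitting a reverse name into recordName and reverseZone by hand is error-prone, especially for IPv6 where a missing or extra nibble produces a PTR that never resolves. The following added Python helper (not part of the Red Hat documentation or of IdM) derives both parts from an address and the prefix length of the reverse zone, checks that the zone is octet- or nibble-aligned, and builds the matching ipa dnsrecord-add line; the /24 and /64 prefix lengths are assumptions taken from the examples above.

```python
import ipaddress


def reverse_ptr_parts(address, prefix_len):
    """Return (recordName, reverseZone) for `address` in a reverse zone that
    covers the first `prefix_len` bits, as `ipa dnsrecord-add` expects them.

    recordName + "." + reverseZone is the complete reverse pointer name.
    IPv4 reverse zones are octet-aligned (prefix_len multiple of 8),
    IPv6 reverse zones are nibble-aligned (prefix_len multiple of 4).
    """
    ip = ipaddress.ip_address(address)
    label_bits = 8 if ip.version == 4 else 4
    if prefix_len % label_bits or not 0 < prefix_len < ip.max_prefixlen:
        raise ValueError(
            "reverse zone prefix must be a multiple of %d bits" % label_bits)
    # e.g. "2.1.0.192.in-addr.arpa" or "1.1.1.1.0.(...).2.ip6.arpa"
    labels = ip.reverse_pointer.split(".")
    # number of leading labels that belong to the host part
    host_labels = (ip.max_prefixlen - prefix_len) // label_bits
    record_name = ".".join(labels[:host_labels])
    reverse_zone = ".".join(labels[host_labels:]) + "."
    return record_name, reverse_zone


def ptr_add_command(address, prefix_len, fqdn):
    """Build the `ipa dnsrecord-add` line for a PTR record.

    The target must be fully qualified with a trailing period; without it
    the zone origin would be appended and the PTR would point elsewhere.
    """
    if not fqdn.endswith("."):
        raise ValueError("PTR target must end with a terminal period")
    record_name, reverse_zone = reverse_ptr_parts(address, prefix_len)
    return "ipa dnsrecord-add %s %s --ptr-rec %s" % (
        reverse_zone, record_name, fqdn)


if __name__ == "__main__":
    # The two hosts from the examples above (constructed sample input).
    print(ptr_add_command("192.0.1.2", 24, "server2.example.com."))
    print(ptr_add_command("2001:DB8::1111", 64, "server2.example.com."))
```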

Note

For more information on PTR records, see the following resources:
  • RFC 1035 describes the specification for the IPv4 in-addr.arpa domain.
  • RFC 2317 describes IPv4 classless in-addr.arpa delegation
  • RFC 3596 describes extensions to support IPv6

17.7.2. Deleting Records from DNS Zones

17.7.2.1. Deleting Records with the Web UI

To delete only a specific record type from the resource record:
  1. Open the Identity tab, and select the DNS subtab.
  2. Click the name of the DNS zone.
  3. In the DNS Resource Records tab, click the name of the resource record.
  4. Click the checkbox by the name of the record type to delete, and then click the active Delete link at the top of the list.
    This deletes only that record type while leaving the other configuration intact.
Alternatively, delete all of the records for the resource in the zone:
  1. Open the Identity tab, and select the DNS subtab.
  2. Click the name of the DNS zone.
  3. In the DNS Resource Records tab, select the checkbox by the name of the resource record to delete. This deletes the entire record.
  4. Click the Delete link at the top of the zone records page.

17.7.2.2. Deleting Records with the Command Line

Records are removed from the zone using the ipa dnsrecord-del command. As with adding records, records are deleted using an option that specifies the type of record (--recordType-rec) and the record value.
For example, to remove the A type record:
$ ipa dnsrecord-del example.com www --a-rec 10.64.14.213
If you run the ipa dnsrecord-del command without any options, the command prompts for information about the record to delete.
Alternatively, using the --del-all option removes all associated records for the zone.