PTR records not created automatically by SSSD on Rocky 9 / FreeIPA host join #8252
Description
Hey folks, I’m running into a weird behavior with SSSD and IPA on Rocky 9. I am joining my hosts via Ansible to my FreeIPA Server, and I want them to automatically update their PTR records in an MS DNS zone that I created for my FreeIPA domain. My FreeIPA server does not run DNS itself—it relies entirely on the MS DNS zone. The A Record will be created as expected.
My Setup:
- Rocky Linux 9 Both host and the Server
- FreeIPA server (with MS DNS integration)
- nsupdate is installed and works
- Hosts are joined via Ansible automation
SSSD configured with:
dyndns_update = True
dyndns_update_ptr = True
dyndns_refresh_interval = 600
dyndns_iface = ens33
The problem:
Even though dyndns_update_ptr = True and the refresh interval is set, SSSD never creates the PTR. Logs always say:
No DNS update needed, addresses did not change
I discovered a workaround:
- Temporarily switch dyndns_iface to the interface altname
enp2s1 - Restart SSSD
- Switch back to
ens33 - Restart SSSD
After that, the PTR record is created.
Questions:
- Is this normal behavior for SSSD/DDNS?
- Is there a proper way to ensure the PTR is created automatically after host join, without this two-step interface swap?
- Could this be fixed via FreeIPA server settings, or is this strictly a SSSD client issue?
I just want a clean, repeatable way to make PTR creation work after joining hosts to IPA.
Any guidance or experiences with this would be appreciated!