#2633 [Web UI] Do not offer A/AAAA records in a root zone record
Closed: wontfix 5 years ago Opened 12 years ago by mkosek.

Web UI currently offers A/AAAA/CNAME records as "Standard records" in the DNS zone root record ("@"). But it generally does not make much sense to have these records in the zone record (especially for the CNAME record).

We should rather offer records that are standard for a zone record, like NS, MX or LOC. The CLI interactive help already does that. You can check it with:

# ipa dnsrecord-add example.com @

A and AAAA records are often used in a zone's root record.

Typical zone root record example (nic.cz = Czech domain registry):

$ dig @a.ns.nic.cz nic.cz -t ANY +tcp +norecurse
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.2.rc1.fc16 <<>> @a.ns.nic.cz nic.cz -t ANY +tcp +norecurse
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3985
;; flags: qr aa; QUERY: 1, ANSWER: 21, AUTHORITY: 0, ADDITIONAL: 10

;; QUESTION SECTION:
;nic.cz.                IN  ANY

;; ANSWER SECTION:
nic.cz.         1800    IN  SOA a.ns.nic.cz. hostmaster.nic.cz. 1334044982 10800 3600 1209600 7200
nic.cz.         1800    IN  NS  a.ns.nic.cz.
nic.cz.         1800    IN  NS  b.ns.nic.cz.
nic.cz.         1800    IN  NS  d.ns.nic.cz.
nic.cz.         1800    IN  A   217.31.205.50
nic.cz.         1800    IN  MX  10 mail.nic.cz.
nic.cz.         1800    IN  MX  15 mail4.nic.cz.
nic.cz.         1800    IN  MX  20 mx.cznic.org.
nic.cz.         1800    IN  MX  30 bh.nic.cz.
nic.cz.         1800    IN  AAAA    2001:1488:0:3::2
nic.cz.         7200    IN  NSEC    6to4.nic.cz. A NS SOA MX AAAA RRSIG NSEC DNSKEY
nic.cz.         3600    IN  DNSKEY  257 3 5 BQEAAAABt3LenoCVTV0okqKYPDnnVJqvwCD9MKJNXg8fcOCdLQYncyoe hpwM5RK2UkZDcDxWkMo7yMa35ej+Mhpaji9si4xXD+Syl4Q06LFiFkdN /5GlVlrIdE3GW7zC7Z4sS14Vz8FbYfcRmhsh19Ob718jGZneGfw2UPbv kyxUR8wD7mguZn02fQ6tjj/Ktp4uSW9tpz3bjGMo2rX+iZk4xgbPaesA OlR/AaHdatGZsWC9CPon8mnLZeu6czm8CBDgBmnf3PE8c5+uyWj1Pw4p p0VQmnX5UrnuGpErg7qXhJm7wY2CRVRMcLX3zmjVWXW1uT9JFh2G+/pZ zxnASfKKltZpuw==
nic.cz.         3600    IN  DNSKEY  256 3 5 BQEAAAABwiUmLz2HrPWOJOlEA0vF+OmLh2uVwhRocnfCby8tVEz3xXgV NffTpMZxWjUJq4RN5b5GYp3rHbSNhsbNrHBFT5rVzEEmirCvhFHGhTHD H6Z7aOVD9BPF+4D8JdkMVb6tsvSqb1CnTOoeQFj1m2DsfFPbeDLqFNQQ V7wYQ3QIc+s=
nic.cz.         1800    IN  RRSIG   A 5 2 1800 20120424070302 20120410070302 35147 nic.cz. DY7l5qgQdaMO0Ku3sbNzrffkxqu/Px0cd6tXFtEhqZ869Wwaed1ShdNZ DxCDVwmbF5VsJLp8pXLFHLrJ0Zps+JFv8WfPy0qbK+ZypXLxDSFhuLqw zloeGIKP4oDjYIiLkvigAQEzPuAOplsf53uazViUJTzrEmoo5hOo601n Eng=
nic.cz.         1800    IN  RRSIG   NS 5 2 1800 20120424070302 20120410070302 35147 nic.cz. DMayPbKAdEkg8xTY0hRlZmVYd3DNT3a8qRB1fjJoByVQfL0n3uBRLaXb /ZrhApPOnwRQjN7S/EPFcV4IR53a8MQP5DtWhfxQrQG6Iy/GJiuQXKFV 21ervMAhlltNuToBol+2XAa3dUT3NRt4AtesrDTCuwisYGPT08M71lJs G5I=
nic.cz.         1800    IN  RRSIG   SOA 5 2 1800 20120424070302 20120410070302 35147 nic.cz. mKgGexSsBjhyjuMttBXPVSIXfkJZK7ZG+iAT10P0Ty1cVX6BLc8EtOQW E9edDduVLz0SFZ8qBw3n2kxdcaxRU3BrapottXqw9hMw21SLUW/c7i4Z nmTGjsA8BVO/a/tcA5SjErAHHp03nwQmGv6pY60XPQO+/IzU55YF1L+o U6o=
nic.cz.         1800    IN  RRSIG   MX 5 2 1800 20120424070302 20120410070302 35147 nic.cz. K/16J+ZJkG7lJzx6ss3xt/I37jKLrkwRL8SXf4nDmFj5jilqzWMvFD34 eA2ZVkNpZJrUxDHHO/H917U4SxEuuWJbatAsp85LWyxn4ymygPD8G3LS EXIwQy298CkwcIHkVFyX9KnIqwRwWw2gxIh4G5zPOX3jHwPRBkTh8fuw 7nU=
nic.cz.         1800    IN  RRSIG   AAAA 5 2 1800 20120424070302 20120410070302 35147 nic.cz. ZZCOvlbWqs290eSi+Id4uq1EukN6BFHDC6RBUBM/ka/X711DRlvKnUaP TH44aiw4JRxaynLqJ0jOX95dNDUh/EvKa+K0hlAR7QZfDDBWohdp+c9M 4jRgt0JuKa0aM5kffhbpM+Zk39ijRPqYfS6hxT0QrMbOZ9Xe6Hu8QA5F V1k=
nic.cz.         7200    IN  RRSIG   NSEC 5 2 7200 20120424070302 20120410070302 35147 nic.cz. EksOsJFzRJQYG9x5BsnzP2/VNuqDtqojvrcOnGRMnoMQB72EGopu0MYC 0JRc0FsJUG0+Uanh40CF5GIQ/5hhc7r+Ef+TeB8JrM5+zSN6Jp1na9vF memNW3ti0YAk5+wPlPCRrjdUV8uD5mgrLqWb78yG6ZC0OeXXSDb84CRE b5c=
nic.cz.         3600    IN  RRSIG   DNSKEY 5 2 3600 20120424070302 20120410070302 35147 nic.cz. uJm0LtsHJZeKRnw5b/lxwwEcEdVUvKR89Fv5DIc+jvVRxLq7Xk88D5p7 F2QW24ID/ZPr6xPqFvSQc/zukTlhFLqdCZm2qT8Z7E9INKHeURY66YzJ f8BU/YgLpQ2ncAyZ7owbsA1QBbWVbr8YGOo45NEgeOq/K7KnEh7f8Myw qtc=
nic.cz.         3600    IN  RRSIG   DNSKEY 5 2 3600 20120424070302 20120410070302 59916 nic.cz. sM75io5hQwas1Qz0j7s2cmKy+lsF9OTE2Lq+0lMtrwKOX/QS+JfwTxQQ tGYOKjSr3yDVRL6WQZgA8ZmconL4iXOViVDGHEQtWZGxq+RjiqPxOk/O pRumpcZU2iUx9ZSKpQnoRirL0Gt6ikC0K2TQQewbIxpVYpa6w+5/rM6H eL9osTAszRecRyOag2YMs4O3oJyLbtiYrPFHEw/tfanZtQZuIFOxHU/J mvB3V0HRdozddrEttwG26qSfirGdC0gVDecMOeZ83VFp3Ig/qnwPfQTX fWqQWG7U9JDix5jQPJRplId4tULtdDjiZCrTbLdPl8o90SgzwWictL2m 7LXU7A==

;; ADDITIONAL SECTION:
a.ns.nic.cz.        1800    IN  A   194.0.12.1
b.ns.nic.cz.        1800    IN  A   194.0.13.1
d.ns.nic.cz.        1800    IN  A   193.29.206.1
mail.nic.cz.        1800    IN  A   217.31.204.67
mail4.nic.cz.       1800    IN  A   217.31.204.67
bh.nic.cz.      1800    IN  A   217.31.204.252
a.ns.nic.cz.        1800    IN  AAAA    2001:678:f::1
b.ns.nic.cz.        1800    IN  AAAA    2001:678:10::1
d.ns.nic.cz.        1800    IN  AAAA    2001:678:1::1
mail.nic.cz.        1800    IN  AAAA    2001:1488:800:400::400

Maybe we should just defer it for now; I do not see a lot of harm.

Let me repeat the important part from comment #1: A and AAAA records are often used in a zone's root record.
It is not a good idea to disallow A and AAAA records in the root record. (But the request for disallowing CNAME is valid.)
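
The distinction drawn in this thread (A/AAAA are normal at the zone apex, CNAME is not, because a CNAME cannot coexist with the SOA and NS records every apex carries) can be checked mechanically over dig-style answer lines. This is an added example, not FreeIPA code and not part of any comment above; the function names and the `example.com` sample records are constructed for illustration.

```python
# Added example (not FreeIPA code): check which record types sit at a zone apex.
# A CNAME may share an owner name only with its DNSSEC RRSIG/NSEC records,
# while every apex carries SOA and NS, so a CNAME at "@" always conflicts.
APEX_REQUIRED = {"SOA", "NS"}
CNAME_COMPATIBLE = {"CNAME", "RRSIG", "NSEC"}


def parse_answer(text):
    """Yield (owner, rtype) from dig-style 'name ttl class type rdata' lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # skip blank lines and dig comment/header lines
        fields = line.split()
        if len(fields) < 5 or fields[2] != "IN":
            continue  # not a resource record line
        yield fields[0].lower().rstrip("."), fields[3].upper()


def check_apex(zone, text):
    """Return a list of problems with the record set at the zone apex."""
    zone = zone.lower().rstrip(".")
    types = {rtype for owner, rtype in parse_answer(text) if owner == zone}
    problems = []
    missing = APEX_REQUIRED - types
    if missing:
        problems.append("apex is missing: " + ", ".join(sorted(missing)))
    if "CNAME" in types:
        clash = sorted(types - CNAME_COMPATIBLE)
        if clash:
            problems.append("CNAME at apex conflicts with: " + ", ".join(clash))
    return problems


# Constructed sample data using documentation-reserved names and addresses.
GOOD = """\
;; ANSWER SECTION:
example.com.  1800 IN SOA  ns1.example.com. hostmaster.example.com. 1 10800 3600 1209600 7200
example.com.  1800 IN NS   ns1.example.com.
example.com.  1800 IN A    192.0.2.1
example.com.  1800 IN AAAA 2001:db8::1
example.com.  1800 IN MX   10 mail.example.com.
ns1.example.com. 1800 IN A 192.0.2.53
"""
# Same zone with the apex A record swapped for a CNAME.
BAD = GOOD.replace("IN A    192.0.2.1", "IN CNAME www.example.net.")

if __name__ == "__main__":
    for label, sample in (("good", GOOD), ("bad", BAD)):
        print(label, check_apex("example.com", sample))
```
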

Metadata Update from @mkosek:
- Issue assigned to pvoborni
- Issue set to the milestone: Tickets Deferred

7 years ago

Thank you for taking time to submit this request for FreeIPA. Unfortunately this bug was not given priority and the team lacks the capacity to work on it at this time.

Given that we are unable to fulfil this request I am closing the issue as wontfix. To request re-consideration of this decision please reopen this issue and provide additional technical details about its importance to you.

Metadata Update from @rcritten:
- Issue close_status updated to: wontfix
- Issue status updated to: Closed (was: Open)

5 years ago
