if [dbmodules] section is not defined, master krb5 fails to start

freeipa/files/krb5.conf

@@ -23,6 +23,13 @@ includedir /var/lib/sss/pubconf/krb5.include.d/
 [domain_realm]
   .{{ client.domain }} = {{ client.realm }}
   {{ client.domain }} = {{ client.realm }}
+{%- if grains['fqdn'] in  ipa_servers %}
+
+[dbmodules]
+{{ client.realm }} = {
+  db_library = ipadb.so
+}
+{%- endif %}
 
 {#-
 vim: syntax=jinja

freeipa/files/named.conf

@@ -54,16 +54,15 @@ include "/etc/named.root.key";
 {%- set hostname = grains['fqdn'] %}
 {%- endif %}
 
-dynamic-db "ipa" {
-    library "ldap.so";
-    arg "uri ldapi://%2fvar%2frun%2fslapd-{{ server.realm|replace('.', '-') }}.socket";
-    arg "base cn=dns, dc={{ server.domain|replace('.', ',dc=') }}";
-    arg "fake_mname {{ hostname }}.";
-    arg "auth_method sasl";
-    arg "sasl_mech GSSAPI";
-    arg "sasl_user DNS/{{ hostname }}";
-    arg "serial_autoincrement yes";
+dyndb "ipa" "/usr/lib64/bind/ldap.so" {
+        uri "ldapi://%2fvar%2frun%2fslapd-{{ server.realm|replace('.', '-') }}.socket";
+        base "cn=dns, dc={{ server.realm|replace('.', '-') }}";
+        server_id "{{ hostname }}";
+        auth_method "sasl";
+        sasl_mech "GSSAPI";
+        sasl_user "DNS/{{ hostname }}";
 };
+
 include "/etc/named.root.key";
 
 {%- for keyname, key in server.get('dns', {}).get('key', {}).iteritems() %}

freeipa/server/master.sls

@@ -21,6 +21,7 @@ freeipa_server_install:
         {%- if server.get('mkhomedir', True) %} --mkhomedir{%- endif %}
         --auto-reverse
         --no-host-dns
+        --allow-zone-overlap
         --unattended
     - creates: /etc/ipa/default.conf
     - require: