[Freeipa-devel] IPA server resolv.conf
Martin Kosek
mkosek at redhat.com
Mon Sep 17 07:15:55 UTC 2012
On 09/17/2012 09:06 AM, Petr Spacek wrote:
> Discussion about patch "Set master_kdc and dns_lookup_kdc to true)" reminds one
> related problem:
>
> Our server installer puts line "nameserver 127.0.0.1" to /etc/resolv.conf, but
> this file should contain all (or three nearest) DNS servers in IPA domain.
>
> As a result, IPA server will work even after local named crash (which is not so
> rare as I want :-().
>
> New ticket:
> https://fedorahosted.org/freeipa/ticket/3085
>
> Martin, what do you think?
>
> How can we update resolv.conf to reflect replica addition/deletion?
>
> Should it be done manually? E.g. ipa-replica-install script can print "don't
> forget to add this server to /etc/resolv.conf on other servers"?
>
> Petr^2 Spacek
>
It would not be difficult to pull a list of IPA masters with DNS support during
ipa-{server,replica}-install and write more IPs to the resolv.conf. But I think
there may be an issue when somebody willingly stops a remote replica or
uninstalls it. He would also need to remove its IP from all resolv.confs in all
replicas...

Btw. why would IPA server fail when a local named crashes? A record in
/etc/hosts we always add should still enable local IPA services to work or do I
miss something?

Martin