[Freeipa-users] Setting up replication, documentation unclear regarding DNS entries

KodaK sakodak at gmail.com
Mon Apr 9 20:46:27 UTC 2012 

On Mon, Apr 9, 2012 at 3:01 PM, Rob Crittenden <rcritten at redhat.com> wrote:
> Dmitri Pal wrote:
>>
>> On 04/09/2012 03:02 PM, KodaK wrote:
>>>
>>> On Mon, Apr 9, 2012 at 1:53 PM, Dmitri Pal<dpal at redhat.com>  wrote:
>>>>
>>>> On 04/09/2012 02:50 PM, KodaK wrote:
>>>>>
>>>>> On Mon, Apr 9, 2012 at 1:46 PM, Dmitri Pal<dpal at redhat.com>  wrote:
>>>>>>
>>>>>> On 04/09/2012 02:41 PM, KodaK wrote:
>>>>>>>
>>>>>>> On Mon, Apr 9, 2012 at 1:34 PM, Dmitri Pal<dpal at redhat.com>  wrote:
>>>>>>>>
>>>>>>>> On 04/09/2012 02:07 PM, KodaK wrote:
>>>>>>>>>
>>>>>>>>> I have two IPA servers.  The primary/master is SLPIDML01 and the
>>>>>>>>> replica is SLPIDML01.  I have followed the instructions for
>>>>>>>>> creating a
>>>>>>>>> replica and the install on SLPIDML02 completed successfully.
>>>>>>>>>  However,
>>>>>>>>> the instructions tell me to add some entries to the DNS zone file,
>>>>>>>>> and
>>>>>>>>> I'm stumped.
>>>>>>>>>
>>>>>>>>> The FreeIPA documentation has this to say about setting up DNS for
>>>>>>>>> replicas:
>>>>>>>>>
>>>>>>>>> Updating DNS for IPA Replicas
>>>>>>>>>
>>>>>>>>> After you have configured a new IPA replica, you should update your
>>>>>>>>> DNS entries so that IPA clients can discover the new server. For
>>>>>>>>> example, for an IPA replica with a server name of $HOST, you should
>>>>>>>>> add the following entries to your zone file:
>>>>>>>>>
>>>>>>>>> _ldap._tcp             IN SRV 0 100 389       $HOST
>>>>>>>>> _kerberos._tcp         IN SRV 0 100 88 $HOST
>>>>>>>>> _kerberos._udp         IN SRV 0 100 88 $HOST
>>>>>>>>> _kerberos-master._tcp  IN SRV 0 100 88 $HOST
>>>>>>>>> _kerberos-master._udp  IN SRV 0 100 88 $HOST
>>>>>>>>> _kpasswd._tcp          IN SRV 0 100 464 $HOST
>>>>>>>>> _kpasswd._udp          IN SRV 0 100 464 $HOST
>>>>>>>>> _ntp._udp              IN SRV 0 100 123 $HOST
>>>>>>>>>
>>>>>>>>> I know very little about configuring DNS.  Where exactly should
>>>>>>>>> this
>>>>>>>>> go?  It says to add it to your zone file, all I see is a
>>>>>>>>> named.rfc1912.zones file, and it appears to be rather structured.
>>>>>>>>>  Do
>>>>>>>>> I just dump these at the end?  That doesn't seem to make any sense.
>>>>>>>>>  I
>>>>>>>>> see a reference to /var/named/example.com.zone.db, but I don't have
>>>>>>>>> one for my domain, and I still don't know what the format of the
>>>>>>>>> file
>>>>>>>>> should be.  Do I need to make entries for both hosts (and any
>>>>>>>>> others I
>>>>>>>>> add in the future?)
>>>>>>>>>
>>>>>>>> What DNS server do you use?
>>>>>>>> Did you consider using DNS server that comes with IPA?
>>>>>>>>
>>>>>>> I am using the DNS server that comes with IPA.
>>>>>>
>>>>>> Then the replicas are added automatically to the DNS servers managed
>>>>>> by
>>>>>> IPA. I think the documentation refers to the case when you are not
>>>>>> using
>>>>>> the DNS server provided by IPA. Then you need to add mentioned
>>>>>> entries.
>>>>>> If this is not clear please open a ticket and provide a pointer to the
>>>>>> section that caused the confusion.
>>>>>
>>>>> I've opened a ticket, thanks.
>>>>>
>>>>> When I manually turn off the network interfaces on the master, the
>>>>> replica does not take over.
>>>>
>>>> How you test it?
>>>> The client will fail over if it can't access the server that you turned
>>>> off.
>>>>
>>>>
>>>>> For the record, the documentation makes no discernible differentiation
>>>>> between IPA's DNS and external DNS:
>>>>>
>>>>> "Once the installation process completes, update the DNS entries so
>>>>> that IPA clients can discover the new server. For example, for an IPA
>>>>> replica with a hostname of ipareplica.example.com:"
>>>
>>> Sorry, I thought I did reply to the list.
>>>
>>> I must be misunderstanding something.
>>>
>>> When I ipa-replica-install it does not automatically set up a DNS
>>> replica, correct?
>>>
>>> When I run ipa dnsrecord-add domain.com @ --ns-rec
>>> slpidml02.unix.magellanhealth.com. I'm only telling IPA that this new
>>> host is now a nameserver, correct?
>>>
>>> So at what point do DNS entries replicate?  Or do I set that up outside
>>> of IPA?
>>>
>>> Thanks again,
>>>
>>> --Jason
>>
>>
>> Rob,
>>
>> When we add replicas, do we create SRV records for them automatically? I
>> thought so but may be I am wrong? Can you please chime in?
>>
>
> Yes, we always try to create the SRV records when installing a replica.
>

Ok, thanks, guys.  I must have something misconfigured, then.  I'll
dig a bit and probably post again later.  At least I know what it
*should* be doing now.

--Jason

More information about the Freeipa-users mailing list