[Freeipa-users] BIND named.conf

Simo Sorce simo at redhat.com
Sat Jul 14 01:39:11 UTC 2012


On Fri, 2012-07-13 at 21:20 -0400, Michael Mercier wrote:
> I will try to be more clear...
> 
> My IPA zone is named intranet.local running on ipaserver1 and  
> ipaserver2.
> I have another zone (call it "myzone.tld") hosted on some other  
> systems.  I would like ipaserver1 and ipaserver2 to both be a slave  
> for this zone (not use a forwarder for the zone).
> 
> Considering that ipaserver1 and ipaserver2 use the dynamic-db entry in  
> named.conf, is there anything that I should be concerned about if I  
> were to add:
> 
> zone "myzone.tld" {
>       type slave;
>       file "slave/myzone.db";
>       masters { u.x.y.z;  w.x.y.z; };
>       allow-notify { u.x.y.z;  w.x.y.z; };
>       also-notify { ipaserver2; };
> };
> 
> to ipaserver1?

This will work; the only "concern" is that the IPA framework will be
totally oblivious of this zone, so no manipulation will be possible.

So as long as no conflicting zone is present in LDAP, bind will happily
serve the manually configured slave zone as any normal bind instance
would.

> I had considered adding the zone via 'ipa dnszone-add  
> ipaserver1.intranet.local' but I did not find anything specific in the  
> documentation describing how to configure the new zone as a slave of  
> another system.

Slave zones are not supported via the LDAP storage and IPA framework at
this time.

>   Also, the number of entries in the zone is large and  
> there are many updates per day and I was uncertain of the type of  
> performance I could expect.

Unfortunately slaving is not supported at the moment, but just out of
curiosity what is the ballpark number for "many updates" ?

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
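
The condition in the reply above, that no conflicting zone is present in LDAP, can be checked before a static zone is added to named.conf. The following is an added example, not code from this thread or from FreeIPA; the named.conf fragment, the addresses and the LDAP zone list are constructed, and it assumes that only an identical zone name counts as a conflict.

```python
import re

# Constructed named.conf fragment (dynamic-db stanza abbreviated; master
# addresses are documentation-range placeholders, not values from the thread).
NAMED_CONF = '''
dynamic-db "ipa" { library "ldap.so"; };
zone "." IN { type hint; file "named.ca"; };
zone "MyZone.TLD." {
    type slave;
    file "slave/myzone.db";
    masters { 192.0.2.1; 192.0.2.2; };
    allow-notify { 192.0.2.1; 192.0.2.2; };
};
// zone "old.example" { type slave; };
'''

def normalize(name):
    """DNS names compare case-insensitively; ignore the trailing root dot."""
    return name.lower().rstrip(".") or "."

def strip_comments(text):
    """Drop /* */, // and # comments while leaving quoted strings intact."""
    pattern = r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*'
    keep_strings = lambda m: m.group(0) if m.group(0)[0] == '"' else " "
    return re.sub(pattern, keep_strings, text, flags=re.S)

def static_zones(conf_text):
    """Return {zone name: type} for every zone statement in named.conf text."""
    text, zones = strip_comments(conf_text), {}
    for m in re.finditer(r'\bzone\s+"([^"]+)"\s*(?:\w+\s*)?\{', text):
        depth, end = 1, m.end()
        while depth and end < len(text):      # walk to the matching brace
            depth += {"{": 1, "}": -1}.get(text[end], 0)
            end += 1
        kind = re.search(r'\btype\s+([\w-]+)\s*;', text[m.end():end])
        zones[normalize(m.group(1))] = kind.group(1) if kind else None
    return zones

def conflicts(conf_text, ldap_zones):
    """Zone names defined both in named.conf and in the LDAP zone list."""
    managed = {normalize(z) for z in ldap_zones}
    return sorted(managed & set(static_zones(conf_text)))

if __name__ == "__main__":
    # Hypothetical list of zones held in LDAP, e.g. copied from `ipa dnszone-find`.
    print(conflicts(NAMED_CONF, ["intranet.local.", "myzone.tld"]))
```

An empty result means no statically configured zone shares a name with a zone held in LDAP.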



