[Freeipa-users] Non IPA Connected Slave DNS Server ?
Petr Spacek
pspacek at redhat.com
Mon Jun 25 09:00:30 UTC 2012
Hello,
sorry for the big delay.
On 06/20/2012 02:25 PM, Gavin Spurgeon wrote:
> Hi All,
>
> Just have a quick question re: $subject
>
> I have seen some BZ's about this, but just wanted to check with the list
> to see what people have to say about this.
>
> I have an IPA Domain (example.com) and it is running as it should be.
>
> I also have 2 public DNS servers that run all of my non-IPA zones (in
> the 100s). I want these two DNS servers to act as standard BIND slave
> servers for my IPA domain (i.e. to do a simple AXFR from the IPA master).
Current IPA (with the bind-dyndb-ldap driver) supports AXFR itself. The problem
lies in the SOA serial number update: it is not maintained for changes made via
the WebUI or CLI. If you make any change through the WebUI or CLI, you need to
bump the SOA serial number manually.
Any change made via the DNS dynamic update mechanism (nsupdate) bumps the SOA
serial automatically.
> a, No adding the Public DNS Servers to IPA is not an option...
> b, Is this possible *now*
You can "hack" current IPA and bump the SOA serial number, e.g. each hour (from
cron). In that case the zone will be transferred to the slave server each hour,
but you will waste some bandwidth.
> c, does anyone have any other suggestions on how to get my desired goal?
You have to set the idnsAllowTransfer attribute in the relevant zones, see
http://git.fedorahosted.org/git/?p=bind-dyndb-ldap.git;a=blob;f=README
> d, if not, when will this be possible ?
Automatic SOA serial number update is on the roadmap for 3.0, stay tuned.
Petr^2 Spacek
> Gavin Spurgeon.
> AKA Da Geek
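The hourly serial bump that Petr describes, written out as an added example (this is not code from the thread or from the FreeIPA project). It reads the current SOA with `dig`, increments the serial using RFC 1982 serial arithmetic, and sends the replacement SOA through `nsupdate -g` (GSS-TSIG), so the change goes through the dynamic update path that does maintain the serial. `ZONE` and `SERVER` are placeholders; it assumes the cron host holds a Kerberos ticket or keytab that the zone's update policy accepts, and that `idnsAllowTransfer` has been set on the zone as noted above so the slaves can actually pull the transfer.

```shell
#!/bin/sh
# Added example, not from the original thread. Bumps the SOA serial of an
# IPA-served zone via nsupdate so that BIND slaves notice a change.
# Assumes: dig and nsupdate installed, a Kerberos credential allowed to
# update the zone, and ZONE/SERVER set (the defaults are placeholders).

# RFC 1982 serial arithmetic: increment modulo 2^32, never emit 0.
next_serial() {
    cur=$1
    n=$(( (cur + 1) % 4294967296 ))
    [ "$n" -eq 0 ] && n=1
    echo "$n"
}

# Emit an nsupdate script that replaces the zone's SOA with a bumped serial.
# Args: zone server mname rname serial refresh retry expire minimum
# (the last four are the zone's existing timers, passed through unchanged;
# per RFC 2136 an "update add" of an SOA replaces the existing record).
build_update() {
    zone=$1; server=$2; mname=$3; rname=$4; serial=$5
    refresh=$6; retry=$7; expire=$8; minimum=$9
    new=$(next_serial "$serial")
    printf 'server %s\n' "$server"
    printf 'update add %s. 3600 SOA %s %s %s %s %s %s %s\n' \
        "$zone" "$mname" "$rname" "$new" "$refresh" "$retry" "$expire" "$minimum"
    printf 'send\n'
}

# Cron entry point: query the live SOA, then push the bumped copy.
main() {
    ZONE=${ZONE:-example.com}            # placeholder zone
    SERVER=${SERVER:-ipa.example.com}    # placeholder IPA master
    # dig +short SOA prints: mname rname serial refresh retry expire minimum
    set -- $(dig +short SOA "$ZONE" @"$SERVER")
    [ $# -eq 7 ] || { echo "could not read SOA for $ZONE" >&2; exit 1; }
    build_update "$ZONE" "$SERVER" "$1" "$2" "$3" "$4" "$5" "$6" "$7" | nsupdate -g
}

# Only contact the network when invoked as: ./bump-soa.sh --run
if [ "${1:-}" = "--run" ]; then
    main
fi
```

Run it from cron with `--run` (e.g. once an hour, as Petr suggests); without that flag the functions are only defined, which is convenient for testing the serial arithmetic offline. The bandwidth caveat stands: every bump triggers a full AXFR on each slave whether or not the zone content changed, so keep the interval as long as your tolerance for stale slaves allows.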