[Freeipa-users] Non IPA Connected Slave DNS Server ?

Petr Spacek pspacek at redhat.com
Tue Jun 26 10:14:52 UTC 2012


On 06/25/2012 11:00 AM, Petr Spacek wrote:
> Hello,
>
> sorry for a big delay.
>
> On 06/20/2012 02:25 PM, Gavin Spurgeon wrote:
>> Hi All,
>>
>> Just have a quick question re: $subject
>>
>> I have seen some BZ's about this, but just wanted to check with the list
>> to see what people have to say about this.
>>
>> I have an IPA Domain (example.com) and it is running as it should be.
>>
>> I also have 2 Public DNS Servers that run all of my non IPA Zones (in
>> the 100s) I want these two DNS Servers to act as Standard Bind Slave
>> Servers for my IPA Domain (i.e. to do a simple AXFR from the IPA Master)
> Current IPA (with bind-dyndb-ldap driver) supports AXFR itself. The problem lies
> in SOA serial number update - it is not maintained for changes done via WebUI
> or CLI. If you do any change through WebUI or CLI, you need to manually bump
> the SOA serial number.
> Any change via DNS dynamic update mechanism (nsupdate) will bump the SOA
> serial automatically.
>
>> a, No adding the Public DNS Servers to IPA is not an option...
>> b, Is this possible *now*
> You can "hack" current IPA and bump SOA serial number e.g. each hour (from
> cron). In that case the zone will be transferred each hour to the slave server, but
> you will waste some bandwidth.
>
>> c, does any one have any other suggestions, on how to get my desired goal ?
> You have to set idnsAllowTransfer attribute in relevant zones, see
> http://git.fedorahosted.org/git/?p=bind-dyndb-ldap.git;a=blob;f=README
>
>> d, if not, when will this be possible ?
> Automatic SOA serial number update is on the roadmap for 3.0, stay tuned.

You can read the recent discussion about this feature in the archive:
https://www.redhat.com/archives/freeipa-devel/2012-May/msg00047.html

The IPA environment is multi-mastered and we are seeking the best trade-off. The
last proposed approach is "local SOA serial" - each BIND server will manage
its own SOA serial number.

Please read the thread above and post your opinion.

Petr^2 Spacek

>> Gavin Spurgeon.
>> AKA Da Geek
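
The hourly cron workaround described in the quoted reply, sketched as an added example (not code from this thread or from the FreeIPA project). It assumes a YYYYMMDDnn serial convention, a valid Kerberos ticket for the `ipa` CLI, and a local BIND answering on 127.0.0.1; `next_serial`, `bump_zone` and the script path in the comment are hypothetical names.

```shell
#!/bin/sh
# Added example: bump the SOA serial of an IPA-hosted zone so that plain
# BIND slaves notice the change and pull a fresh AXFR.
# Assumed cron entry (hypothetical path):
#   0 * * * * /usr/local/sbin/bump-soa.sh --bump example.com

# Print the serial that should follow $1, given today's date $2 (YYYYMMDD).
# Serials only ever move forward, otherwise slaves ignore the new zone.
next_serial() {
    current=$1
    today=$2
    case $current in
        ''|*[!0-9]*) echo "bad serial: '$current'" >&2; return 1 ;;
    esac
    floor="${today}00"
    if [ "$current" -lt "$floor" ]; then
        # First bump of the day: jump to YYYYMMDD00.
        echo "$floor"
    elif [ "$current" -ge 4294967295 ]; then
        # SOA serial is an unsigned 32-bit field; refuse to wrap silently.
        echo "serial is at the 32-bit maximum" >&2
        return 1
    else
        echo $((current + 1))
    fi
}

# Read the current serial from the local server and write the next one.
bump_zone() {
    zone=$1
    # Third field of the short SOA answer is the serial.
    current=$(dig +short SOA "$zone" @127.0.0.1 | awk '{print $3}')
    new=$(next_serial "$current" "$(date -u +%Y%m%d)") || return 1
    ipa dnszone-mod "$zone" --serial="$new"
}

# Only touch the zone when explicitly asked to.
if [ "${1:-}" = "--bump" ]; then
    bump_zone "$2"
fi
```
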
