[Freeipa-users] Slave DNS on FreeIPA replica

[Rob Crittenden]

Christopher Young wrote:
> I have - what I believe to be - a couple of basic questions (I apologize
> in advance if these are answered elsewhere, though I've tried to do some
> searching ahead of time.):
> 
> I recently added an IPA replica to an existing IPA server and noticed
> that everything appeared to succeed in the setup.  One observation is
> that DNS (bind) was not set up on this new host.  I was wondering if
> this is normal behavior, and if so, is there a set of instructions
> needed to add/create additional DNS servers for use with FreeIPA?
> 
> Ideally, I would like to have DNS running on all IPA hosts. 
> Additionally, I plan on adding a pair of caching/slave DNS servers
> running standing BIND on remote networks and was wondering what the
> procedure would be to slave those zones onto those.  Would that be the
> same as allowing the transfer from those IPs and treating them just like
> any other BIND slave for the appropriate zones?
> 
> I appreciate the clarifications and all the effort that goes into this!

DNS and a CA are optional components in a replica. You can add them
using ipa-dns-install and ipa-ca-install respectively.

To install bind during the replica install process add the option
--setup-dns.

rob