[Freeipa-users] Slave DNS on FreeIPA replica

Baird, Josh jbaird at follett.com
Mon Apr 6 23:26:31 UTC 2015


Yes, but you need to allow zone transfers to your non-IPA servers:

$ ipa dnszone-mod --allow-transfer="1.2.3.4" domain.com

(where 1.2.3.4 is the IP of your new slave and domain.com is the zone name you want to transfer)

Josh

From: freeipa-users-bounces at redhat.com On Behalf Of Christopher Young
Sent: Monday, April 06, 2015 7:02 PM
To: Rob Crittenden
Cc: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] Slave DNS on FreeIPA replica

I clearly missed that.  Thanks for the clarification.  As far as adding additional DNS servers merely to slave the zones, is that more or less the same as configuring any other bind slave?

On Mon, Apr 6, 2015 at 3:15 PM, Rob Crittenden <rcritten at redhat.com> wrote:
Christopher Young wrote:
> I have - what I believe to be - a couple of basic questions (I apologize
> in advance if these are answered elsewhere, though I've tried to do some
> searching ahead of time.):
>
> I recently added an IPA replica to an existing IPA server and noticed
> that everything appeared to succeed in the setup.  One observation is
> that DNS (bind) was not set up on this new host.  I was wondering if
> this is normal behavior, and if so, is there a set of instructions
> needed to add/create additional DNS servers for use with FreeIPA?
>
> Ideally, I would like to have DNS running on all IPA hosts.
> Additionally, I plan on adding a pair of caching/slave DNS servers
> running standard BIND on remote networks and was wondering what the
> procedure would be to slave those zones onto those.  Would that be the
> same as allowing the transfer from those IPs and treating them just like
> any other BIND slave for the appropriate zones?
>
> I appreciate the clarifications and all the effort that goes into this!
DNS and a CA are optional components in a replica. You can add them
using ipa-dns-install and ipa-ca-install respectively.

To install bind during the replica install process add the option
--setup-dns.

rob
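
A pre-flight check for the `--allow-transfer` value discussed in this thread, as an added example that is not part of the original messages. It assumes the semicolon-separated ACL form that IPA stores for a zone; the function names `classify_transfer_acl` and `guarded_dnszone_mod` are hypothetical, the sample values are constructed, and the `ipa` command is only printed, not run.

```shell
#!/bin/sh
# Added example: classify a zone-transfer ACL before handing it to
# `ipa dnszone-mod --allow-transfer=...`, so a zone is not opened to
# everyone by accident. Function names are hypothetical.

# classify_transfer_acl "<semicolon-separated ACL>"
# Prints one verdict: none | restricted | open | invalid
# The body runs in a subshell so the IFS and globbing changes stay local.
classify_transfer_acl() (
    verdict=none
    IFS=';'
    set -f                                   # no filename expansion while splitting
    for entry in $1; do
        entry=$(printf '%s' "$entry" | tr -d ' \t')
        case $entry in
            ''|none) ;;                       # empty field or explicit "none"
            any|*/0) verdict=open; break ;;   # "any" or a /0 network: world-transferable
            *[!0-9a-fA-F.:/]*) verdict=invalid; break ;;  # coarse check: not an address
            *) verdict=restricted ;;          # a specific address or network
        esac
    done
    printf '%s\n' "$verdict"
)

# guarded_dnszone_mod <zone> <acl>
# Prints the command from the post only when the ACL is not wide open.
guarded_dnszone_mod() {
    zone=$1 acl=$2
    case $(classify_transfer_acl "$acl") in
        none|restricted)
            printf 'ipa dnszone-mod --allow-transfer="%s" %s\n' "$acl" "$zone" ;;
        *)
            printf 'refusing ACL "%s" for zone %s\n' "$acl" "$zone" >&2
            return 1 ;;
    esac
}

# Constructed sample values.
for sample in "1.2.3.4;" "none;" "any;" "10.0.0.0/0;"; do
    printf '%-14s -> %s\n' "$sample" "$(classify_transfer_acl "$sample")"
done
```

The character test is deliberately loose and only catches values that cannot be addresses; IPA performs its own address validation when the command is actually run.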
