[Freeipa-users] FreeIPA 4.1.4 DNS notifications not being sent to slaves
Nathan Peters
nathan at nathanpeters.com
Sat May 2 15:12:19 UTC 2015
The last 3 sentences of my original post refer to me adding the NS records
for the slave. Is that what you mean?
"I have also ensured that the slave hostname and IP are in FreeIPA DNS. I
have also added an NS entry pointing to the slave."
-----Original Message-----
From: Baird, Josh
Sent: Saturday, May 02, 2015 7:33 AM
To: 'nathan at nathanpeters.com' ; freeipa-users at redhat.com
Subject: RE: [Freeipa-users] FreeIPA 4.1.4 DNS notifications not being sent
to slaves
Is the PowerDNS slave in the NS RRSet for the IPA domain? Unfortunately,
bind-dyndb-ldap does not support 'also-notify' which would allow us to send
notifies each time a zone update occurs to slave servers that are not in the
RRSet [1]. To compensate for this in my environment, I had to lower the
'refresh' timer on the IPA zone.
[1] https://fedorahosted.org/bind-dyndb-ldap/ticket/152
-----Original Message-----
From: freeipa-users-bounces at redhat.com
[mailto:freeipa-users-bounces at redhat.com] On Behalf Of
nathan at nathanpeters.com
Sent: Friday, May 1, 2015 8:20 PM
To: freeipa-users at redhat.com
Subject: [Freeipa-users] FreeIPA 4.1.4 DNS notifications not being sent to
slaves
I have 2 FreeIPA 4.1.4 servers set up on CentOS 7 as replicas.
I also have another host running PowerDNS serving as a slave.
The FreeIPA servers are set up to allow transfers to the slave by IP. When
adding the zone, the slave transferred it properly.
However, when I update the zone in FreeIPA, although the serial number
changes, in the /var/log/messages I only see an attempt to transfer to the
second IPA server, and not the slave. This is the only log entry:
May 2 01:06:56 dc1 named-pkcs11[5897]: zone mydomain.net/IN: sending notifies (serial 1430528817)
May 2 01:06:57 dc1 named-pkcs11[5897]: client 10.178.0.99#29832: received notify for zone 'mydomain.net'
I have restarted all services using ipactl restart several times. I have
also ensured that the slave hostname and IP are in FreeIPA DNS. I have also
added an NS entry pointing to the slave.
According to the FreeIPA manual, once that NS entry is added, any zone
updates should trigger a notify, but still the only notifications go out to
FreeIPA servers and nothing else.
Any idea how to fix this so FreeIPA notifies non-IPA servers? I'm pretty
sure I've followed all the instructions to the letter on this one...