[Freeipa-users] FreeIPA 4.1.4 DNS notifications not being sent to slaves

Petr Spacek pspacek at redhat.com
Mon May 4 08:43:57 UTC 2015


Hello!

On 2.5.2015 17:12, Nathan Peters wrote:
> The last 3 sentences of my original post refer to me adding the NS records for
> the slave.  Is that what you mean?
> 
> "I have also ensured that the slave hostname and IP are in FreeIPA DNS.  I
> have also added an NS entry pointing to the slave."

Which version of FreeIPA and bind-dyndb-ldap are you using?

I will look into it.

Petr^2 Spacek


> -----Original Message----- From: Baird, Josh
> Sent: Saturday, May 02, 2015 7:33 AM
> To: 'nathan at nathanpeters.com' ; freeipa-users at redhat.com
> Subject: RE: [Freeipa-users] FreeIPA 4.1.4 DNS notifications not being sent to
> slaves
> 
> Is the PowerDNS slave in the NS RRSet for the IPA domain?  Unfortunately,
> bind-dyndb-ldap does not support 'also-notify' which would allow us to send
> notifies each time a zone update occurs to slave servers that are not in the
> RRSet [1].  To compensate for this in my environment, I had to lower the
> 'refresh' timer on the IPA zone.
> 
> [1] https://fedorahosted.org/bind-dyndb-ldap/ticket/152
> 
> -----Original Message-----
> From: freeipa-users-bounces at redhat.com
> [mailto:freeipa-users-bounces at redhat.com] On Behalf Of nathan at nathanpeters.com
> Sent: Friday, May 1, 2015 8:20 PM
> To: freeipa-users at redhat.com
> Subject: [Freeipa-users] FreeIPA 4.1.4 DNS notifications not being sent to slaves
> 
> I have 2 FreeIPA 4.1.4 servers set up on CentOS 7 as replicas.
> 
> I also have another host running PowerDNS serving as a slave.
> The FreeIPA servers are set up to allow transfers to the slave by IP.  When
> adding the zone, the slave transferred it properly.
> 
> However, when I update the zone in FreeIPA, although the serial number
> changes, in the /var/log/messages I only see an attempt to transfer to the
> second IPA server, and not the slave.  This is the only log entry :
> 
> May  2 01:06:56 dc1 named-pkcs11[5897]: zone mydomain.net/IN: sending notifies (serial 1430528817)
> May  2 01:06:57 dc1 named-pkcs11[5897]: client 10.178.0.99#29832: received notify for zone 'mydomain.net'
> 
> I have restarted all services using ipactl restart several times.  I have also
> ensured that the slave hostname and IP are in FreeIPA DNS.  I have also added
> an NS entry pointing to the slave.
> 
> According to the FreeIPA manual, once that NS entry is added, any zone updates
> should trigger a notify, but still the only notifications go out to FreeIPA
> servers and nothing else.
> 
> Any idea how to fix this so FreeIPA notifies non IPA servers?  I'm pretty sure
> I've followed all the instructions to the letter on this one...


-- 
Petr^2 Spacek
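
The check discussed in this thread (is the slave in the zone's NS RRset, and is its copy behind the master's serial), as an added example that is not part of the original messages or of FreeIPA. It parses dig-style answer lines; the records are constructed, and dc2 and pdns1 are hypothetical host names.

```python
# Added example. The dig-style records are constructed; dc2 and pdns1 are
# hypothetical host names, not values taken from the thread.
MASTER_ANSWER = """\
mydomain.net. 86400 IN NS dc1.mydomain.net.
mydomain.net. 86400 IN NS dc2.mydomain.net.
mydomain.net. 86400 IN SOA dc1.mydomain.net. hostmaster.mydomain.net. 1430528817 3600 900 1209600 3600
"""
SLAVE_ANSWER = """\
mydomain.net. 86400 IN SOA dc1.mydomain.net. hostmaster.mydomain.net. 1430528001 3600 900 1209600 3600
"""


def parse_records(text):
    """Return (ns_names, soa) from dig-style lines; soa is (serial, refresh)."""
    ns, soa = set(), None
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5 or f[2].upper() != "IN":
            continue  # not a "name ttl IN type rdata" answer line
        if f[3].upper() == "NS":
            ns.add(f[4].rstrip(".").lower())  # DNS names compare case-insensitively
        elif f[3].upper() == "SOA" and len(f) >= 11:
            soa = (int(f[6]), int(f[7]))  # fields after mname and rname
    return ns, soa


def serial_newer(a, b):
    """RFC 1982 comparison: True if serial a is newer than b, allowing 32-bit wrap."""
    return a != b and ((a - b) % 2**32) < 2**31


def check_slave(master_text, slave_text, slave_name):
    ns, master_soa = parse_records(master_text)
    _, slave_soa = parse_records(slave_text)
    if master_soa is None or slave_soa is None:
        raise ValueError("SOA record missing from input")
    return {
        # NOTIFY goes to servers in the NS RRset, as described in the thread
        "notify_expected": slave_name.rstrip(".").lower() in ns,
        "slave_behind": serial_newer(master_soa[0], slave_soa[0]),
        # without NOTIFY the slave polls on the refresh timer of the SOA it holds
        "max_wait_seconds": slave_soa[1],
    }


if __name__ == "__main__":
    print(check_slave(MASTER_ANSWER, SLAVE_ANSWER, "pdns1.mydomain.net"))
```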