[Freeipa-users] FreeIPA 4.1.4 DNS notifications not being sent to slaves

nathan at nathanpeters.com nathan at nathanpeters.com
Mon May 4 22:24:33 UTC 2015


freeipa-admintools.x86_64          4.1.4-1.el7.centos             @mkosek-freeipa
freeipa-client.x86_64              4.1.4-1.el7.centos             @mkosek-freeipa
freeipa-python.x86_64              4.1.4-1.el7.centos             @mkosek-freeipa
freeipa-server.x86_64              4.1.4-1.el7.centos             @mkosek-freeipa
freeipa-server-trust-ad.x86_64     4.1.4-1.el7.centos             @mkosek-freeipa

bind.x86_64                        32:9.9.4-20.el7.centos.pkcs11  @mkosek-freeipa
bind-dyndb-ldap.x86_64             6.1-1.el7.centos               @mkosek-freeipa
bind-libs.x86_64                   32:9.9.4-20.el7.centos.pkcs11  @mkosek-freeipa
bind-libs-lite.x86_64              32:9.9.4-20.el7.centos.pkcs11  @mkosek-freeipa
bind-license.noarch                32:9.9.4-20.el7.centos.pkcs11  @mkosek-freeipa
bind-pkcs11.x86_64                 32:9.9.4-20.el7.centos.pkcs11  @mkosek-freeipa
bind-pkcs11-libs.x86_64            32:9.9.4-20.el7.centos.pkcs11  @mkosek-freeipa
bind-pkcs11-utils.x86_64           32:9.9.4-20.el7.centos.pkcs11  @mkosek-freeipa

And for reference, here are the relevant A and NS records from my domain:

@ NS dc1.mydomain.net.
@ NS dc2.mydomain.net.
@ NS dns1.mydomain.net.
dns1 A 10.21.0.14

> Hello!
>
> On 2.5.2015 17:12, Nathan Peters wrote:
>> The last 3 sentences of my original post refer to me adding the NS
>> records for the slave.  Is that what you mean?
>>
>> "I have also ensured that the slave hostname and IP are in FreeIPA DNS.
>> I have also added an NS entry pointing to the slave."
>
> Which version of FreeIPA and bind-dyndb-ldap are you using?
>
> I will look into it.
>
> Petr^2 Spacek
>
>
>> -----Original Message----- From: Baird, Josh
>> Sent: Saturday, May 02, 2015 7:33 AM
>> To: 'nathan at nathanpeters.com' ; freeipa-users at redhat.com
>> Subject: RE: [Freeipa-users] FreeIPA 4.1.4 DNS notifications not being
>> sent to slaves
>>
>> Is the PowerDNS slave in the NS RRSet for the IPA domain?
>> Unfortunately, bind-dyndb-ldap does not support 'also-notify' which
>> would allow us to send notifies each time a zone update occurs to slave
>> servers that are not in the RRSet [1].  To compensate for this in my
>> environment, I had to lower the 'refresh' timer on the IPA zone.
>>
>> [1] https://fedorahosted.org/bind-dyndb-ldap/ticket/152
>>
>> -----Original Message-----
>> From: freeipa-users-bounces at redhat.com
>> [mailto:freeipa-users-bounces at redhat.com] On Behalf Of
>> nathan at nathanpeters.com
>> Sent: Friday, May 1, 2015 8:20 PM
>> To: freeipa-users at redhat.com
>> Subject: [Freeipa-users] FreeIPA 4.1.4 DNS notifications not being sent
>> to slaves
>>
>> I have 2 FreeIPA 4.1.4 servers set up on CentOS 7 as replicas.
>>
>> I also have another host running PowerDNS serving as a slave.
>> The FreeIPA servers are set up to allow transfers to the slave by IP.
>> When adding the zone, the slave transferred it properly.
>>
>> However, when I update the zone in FreeIPA, although the serial number
>> changes, in the /var/log/messages I only see an attempt to transfer to
>> the second IPA server, and not the slave.  This is the only log entry:
>>
>> May  2 01:06:56 dc1 named-pkcs11[5897]: zone mydomain.net/IN: sending notifies (serial 1430528817)
>> May  2 01:06:57 dc1 named-pkcs11[5897]: client 10.178.0.99#29832: received notify for zone 'mydomain.net'
>>
>> I have restarted all services using ipactl restart several times.  I
>> have also ensured that the slave hostname and IP are in FreeIPA DNS.  I
>> have also added an NS entry pointing to the slave.
>>
>> According to the FreeIPA manual, once that NS entry is added, any zone
>> updates should trigger a notify, but still the only notifications go
>> out to FreeIPA servers and nothing else.
>>
>> Any idea how to fix this so FreeIPA notifies non-IPA servers?  I'm
>> pretty sure I've followed all the instructions to the letter on this
>> one...
>>
>>
>> --
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go to http://freeipa.org for more info on the project
>
>
> --
> Petr^2 Spacek
>
>
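
Added example (not part of the original thread, and not FreeIPA or BIND code): a secondary that receives no NOTIFY only catches up at the SOA refresh interval, so comparing SOA serials across the servers shows whether it is serving stale data. The SOA lines are constructed sample `dig +short SOA` answers; the rname, the dns1 serial and the timer values are assumptions.

```python
# Flag secondaries whose SOA serial is behind the primary's.
# Serial comparison follows RFC 1982 so a wrapped 32-bit serial is handled.

MOD = 1 << 32
HALF = 1 << 31


def serial_lt(a, b):
    """True if serial a is older than serial b (RFC 1982 arithmetic)."""
    return a != b and ((b - a) % MOD) < HALF


def parse_soa(line):
    """Parse one `dig +short SOA` line:
    mname rname serial refresh retry expire minimum"""
    fields = line.split()
    if len(fields) != 7:
        raise ValueError("not SOA rdata: %r" % line)
    return {"mname": fields[0], "serial": int(fields[2]),
            "refresh": int(fields[3])}


def stale_secondaries(primary, answers):
    """Return {server: (serial, refresh)} for servers behind the primary.
    refresh is the longest the server may stay stale without a NOTIFY."""
    reference = parse_soa(answers[primary])["serial"]
    stale = {}
    for server, line in answers.items():
        soa = parse_soa(line)
        if serial_lt(soa["serial"], reference):
            stale[server] = (soa["serial"], soa["refresh"])
    return stale


# Constructed sample answers, one per server in the zone's NS RRset.
# Collect real ones with: dig +short SOA mydomain.net @<server>
SAMPLE = {
    "dc1.mydomain.net.": "dc1.mydomain.net. hostmaster.mydomain.net. "
                         "1430528817 3600 900 1209600 3600",
    "dc2.mydomain.net.": "dc2.mydomain.net. hostmaster.mydomain.net. "
                         "1430528817 3600 900 1209600 3600",
    "dns1.mydomain.net.": "dc1.mydomain.net. hostmaster.mydomain.net. "
                          "1430528000 3600 900 1209600 3600",
}

if __name__ == "__main__":
    for name, (serial, refresh) in stale_secondaries(
            "dc1.mydomain.net.", SAMPLE).items():
        print("%s is at serial %d; next refresh within %d s"
              % (name, serial, refresh))
```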





