[Freeipa-users] steps to debug SOA serial being out of sync?

Anthony Clark anthonyclarka2 at gmail.com
Fri Jul 8 17:13:33 UTC 2016


Hello All,

I have two FreeIPA servers set up as follows:

ns01:  ipa-server-install --realm=DEV.REDACTED.NET --mkhomedir --setup-dns --ssh-trust-dns --forwarder=1.2.3.4

ns02:  ipa-replica-install /var/lib/ipa/replica-info-ns02.dev.redacted.net.gpg --setup-ca --mkhomedir --ssh-trust-dns --setup-dns --forwarder=1.2.3.4


Now, after being in use for a few months, my SOA serial numbers are
different as reported by the two servers:

ns01 reports 1467996578
ns02 reports 1467996455

[root@ns02 ~]# ipa dnszone-show dev.redacted.net
...
  SOA serial: 1467996455
...

Same result on ns01, 1467996455

ipa-replica-conncheck is fine.

After an "ipactl restart" on ns02 (thinking that I needed to refresh the
ns02 FreeIPA instance somehow) the SOA serial on ns02 increments *beyond*
that of ns01:

ns01: 1467996578
ns02:  1467997519

Another "ipactl restart" on ns02 results in:

ns01:  1467996578
ns02:  1467997595

Running "ipactl restart" on ns01 results in:

ns01:  1467997873
ns02:  1467997595

ns02 doesn't seem to be getting its serial number from ns01 at all.

Did I set up ns02 incorrectly?  Should I have skipped the "--setup-dns" on
the replica?

Does anyone have any suggestions on how to debug this further?

Thanks,

Anthony Clark