[Freeipa-users] Should IPA Replica DNS SOA Serials match?
Baird, Josh
jbaird at follett.com
Fri Jan 6 19:38:19 UTC 2017
Yes, this is expected.
>From the IPA documentation [1]:
"The IdM-integrated DNS is multi-master. SOA serial numbers in IdM zones are not synchronized between IdM servers. For this reason, configure DNS slave servers to only use one IdM master server. This prevents zone transfer failures caused by non-synchronized SOA serial numbers."
[1] https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/managing-master-dns-zones.html#zone-transfers
Thanks,
Josh
From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Jake
Sent: Friday, January 6, 2017 2:25 PM
To: freeipa-users <freeipa-users at redhat.com>
Subject: [Freeipa-users] Should IPA Replica DNS SOA Serials match?
Hey All,
I currently have 4 ipa 4.2 masters and none of the SOA Serials match, is this expected behavior of bind-ldap?
ipa01 - 1483710336
ipa02 - 1483709696
ipa03 - 1483730432
ipa04 - 1483714048
Thanks!
-Jake
More information about the Freeipa-users
mailing list