[Freeipa-users] External DNS and replication

Martin Basti mbasti at redhat.com
Wed Mar 8 13:54:16 UTC 2017



On 08.03.2017 14:05, Wimmer Ronald (BCC.B.SO) wrote:
>
> Hi,
>
>  
>
> I am using FreeIPA with external DNS. Is it ok to balance the requests
> between master and replica with DNS SRV records like this:
>
>  
>
> _kerberos-master._tcp.example.net. 86400 IN SRV 10 50 88 ipa1.example.net.
>
> _kerberos-master._udp.example.net. 86400 IN SRV 10 50 88 ipa1.example.net.
>
> _kerberos._tcp.example.net. 86400 IN SRV 10 50 88 ipa1.example.net.
>
> _kerberos._udp.example.net. 86400 IN SRV 10 50 88 ipa1.example.net.
>
> _kpasswd._tcp.example.net. 86400 IN SRV 10 50 464 ipa1.example.net.
>
> _kpasswd._udp.example.net. 86400 IN SRV 10 50 464 ipa1.example.net.
>
> _ldap._tcp.example.net. 86400 IN SRV 10 50 389 ipa1.example.net.
>
> _ntp._udp.example.net. 86400 IN SRV 10 50 123 ipa1.example.net.
>
>  
>
> _kerberos-master._tcp.example.net. 86400 IN SRV 10 50 88 ipa2.example.net.
>
> _kerberos-master._udp.example.net. 86400 IN SRV 10 50 88 ipa2.example.net.
>
> _kerberos._tcp.example.net. 86400 IN SRV 10 50 88 ipa2.example.net.
>
> _kerberos._udp.example.net. 86400 IN SRV 10 50 88 ipa2.example.net.
>
> _kpasswd._tcp.example.net. 86400 IN SRV 10 50 464 ipa2.example.net.
>
> _kpasswd._udp.example.net. 86400 IN SRV 10 50 464 ipa2.example.net.
>
> _ldap._tcp.example.net. 86400 IN SRV 10 50 389 ipa2.example.net.
>
> _ntp._udp.example.net. 86400 IN SRV 10 50 123 ipa2.example.net.
>
>  
>
> _kerberos.example.net. 86400 IN TXT "example.net"
>
Looks good to me

> ipa-ca.example.net. 86400 IN A 10.66.39.130
>
>  
>
> What about the “ipa-ca” entry?
>

ipa-ca should contain all A/AAAA records of CA replicas

IPA 4.4+ supports the command `ipa dns-update-system-records --dry-run` to get
all required records.
>
>  
>
> Regards,
>
> Ronald
>
>
>

Martin
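
Added example, not part of the original thread and not FreeIPA code: an offline check of the two points discussed above, that every IPA server carries the full SRV set at equal priority, and that `ipa-ca` has an address for every CA replica. The function names and the host addresses fed to `sample_zone` are assumptions made for illustration.

```python
import re

# Service labels and ports as listed in the post.
SERVICES = {"_kerberos-master._tcp": 88, "_kerberos-master._udp": 88, "_kerberos._tcp": 88,
            "_kerberos._udp": 88, "_kpasswd._tcp": 464, "_kpasswd._udp": 464,
            "_ldap._tcp": 389, "_ntp._udp": 123}
RR = re.compile(r"^(\S+)\s+\d+\s+IN\s+(SRV|A|AAAA)\s+(.+)$")

def parse_zone(text):
    """Return (srv, addrs): SRV tuples per owner name, address sets per host."""
    srv, addrs = {}, {}
    for line in text.splitlines():
        m = RR.match(line.strip())
        if not m:
            continue  # TXT and anything else is ignored here
        owner, rtype, rdata = m.group(1).lower(), m.group(2), m.group(3).split()
        if rtype == "SRV":
            prio, weight, port, target = rdata
            srv.setdefault(owner, []).append(
                (int(prio), int(weight), int(port), target.lower()))
        else:
            addrs.setdefault(owner, set()).add(rdata[0])
    return srv, addrs

def check_zone(text, domain, servers, ca_replicas):
    """List what is missing for balanced SRV discovery and a complete ipa-ca."""
    srv, addrs = parse_zone(text)
    findings = []
    for label, port in SERVICES.items():
        recs = srv.get(f"{label}.{domain}.", [])
        for host in servers:
            if (port, f"{host}.") not in {(r[2], r[3]) for r in recs}:
                findings.append(f"missing SRV {label} -> {host}:{port}")
        if len({r[0] for r in recs}) > 1:  # clients only use the lowest priority
            findings.append(f"unequal priority in {label}: failover, not balancing")
    ca_addrs = addrs.get(f"ipa-ca.{domain}.", set())
    for host in ca_replicas:
        for ip in sorted(addrs.get(f"{host}.", set()) - ca_addrs):
            findings.append(f"ipa-ca lacks {ip} ({host})")
    return findings

def sample_zone(domain, servers, ca_ips):
    """Constructed zone text in the post's record format; addresses are made up."""
    lines = [f"{label}.{domain}. 86400 IN SRV 10 50 {port} {host}."
             for host in servers for label, port in SERVICES.items()]
    lines += [f"{host}. 86400 IN A {ip}" for host, ip in servers.items()]
    lines += [f"ipa-ca.{domain}. 86400 IN A {ip}" for ip in ca_ips]
    return "\n".join(lines)
```

Calling `check_zone` on a zone built with a single `ipa-ca` address, as in the question, reports the second CA replica's address as missing; on IPA 4.4+ the output of `ipa dns-update-system-records --dry-run` remains the authoritative list to compare against.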