[Freeipa-users] Multi site IPA scenario - DNS issue

Jan Karásek jan.karasek at elostech.cz
Tue Mar 14 16:05:29 UTC 2017


Hi,
please can you point me in the right direction with this issue?
Scenario: 
Site A, Site B, IPA in Site A is already installed with DNS and CA, and I want to create a replica in Site B.
OS: RHEL 7.3, IPA 4.4


Site A - 192.168.0.0/24
IPA_A server interfaces:
eth0: 192.168.0.10       -- access for clients in Site A
eth1: 192.168.10.100     -- interface to Site B
domain: sitea.mylab.test


Site B - 192.168.1.0/24
IPA_B server interfaces:
eth0: 192.168.1.10       -- access for clients in Site B
eth1: 192.168.10.200     -- interface to Site A
domain: siteb.mylab.test

 
IPA clients can reach only servers in their own site via eth0 - no access to IPA servers in other sites.
Servers can communicate with each other only via eth1.
I am having trouble finding out how to set the DNS records for this scenario.

Right now I have IPA_A installed and I want to create a replica on the IPA_B server.
DNS for zone sitea.mylab.test:

ipa_a    A    192.168.0.10
...      SRV  ipa_a.sitea.mylab.test

So right now in DNS I have only an A record for the interface facing Site A.

The trouble is that the server in Site B (ipa_b) is not able to communicate with the server in Site A (ipa_a) via the 192.168.0.10 address it gets from DNS; the servers can communicate only on eth1 (192.168.10.0/24).


So when I point resolv.conf on IPA_B at IPA_A and try to run

ipa-replica-install --principal admin --admin-password admin_password --setup-dns --setup-ca ...

I cannot access the IPA_A server because it resolves to 192.168.0.10.

So is this a supported scenario? What would the solution be? I can probably fix that in the /etc/hosts file, but I would like to keep it all in DNS.

Thank you,

Jan
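The following is an added example, not code from the original post or from FreeIPA. It models the two-site topology described in the message (no routing between site subnets, servers directly attached to 192.168.10.0/24 via eth1) and classifies, for each host, which of the A records published for ipa_a.sitea.mylab.test it can actually reach. The "RECORDS_BOTH" variant, in which the eth1 address is published as a second A record under the same name, is an assumption introduced here to show the trade-off, not something the post proposes.

```python
"""Which published A records for an IPA server can a given host reach?

Added example, not part of the original post or of FreeIPA. The topology is
constructed from the message: an address counts as reachable only when it
lies in a subnet the querying host is directly attached to, because the post
states there is no other path between the sites.
"""
import ipaddress
from typing import Dict, List

# Constructed from the post: directly attached subnets per host.
LOCAL_NETWORKS: Dict[str, List[str]] = {
    "ipa_a": ["192.168.0.0/24", "192.168.10.0/24"],  # eth0, eth1
    "ipa_b": ["192.168.1.0/24", "192.168.10.0/24"],  # eth0, eth1
    "client_a": ["192.168.0.0/24"],                  # a client in Site A
    "client_b": ["192.168.1.0/24"],                  # a client in Site B
}

# A records for ipa_a as the post describes the zone today (eth0 only).
RECORDS_NOW: Dict[str, List[str]] = {
    "ipa_a.sitea.mylab.test": ["192.168.0.10"],
}

# Hypothetical variant (assumption, not from the post): the eth1 address is
# published as a second A record under the same name.
RECORDS_BOTH: Dict[str, List[str]] = {
    "ipa_a.sitea.mylab.test": ["192.168.0.10", "192.168.10.100"],
}


def is_reachable(host: str, address: str) -> bool:
    """True if `address` lies in a subnet `host` is directly attached to."""
    addr = ipaddress.ip_address(address)
    return any(addr in ipaddress.ip_network(net) for net in LOCAL_NETWORKS[host])


def classify(host: str, fqdn: str,
             records: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Split the A records published for `fqdn` into the ones `host` can
    reach and the ones it cannot. Order is preserved, as a resolver hands
    the records to a client that tries the addresses in turn."""
    reachable: List[str] = []
    unreachable: List[str] = []
    for address in records.get(fqdn, []):
        (reachable if is_reachable(host, address) else unreachable).append(address)
    return {"reachable": reachable, "unreachable": unreachable}


def report(records: Dict[str, List[str]],
           fqdn: str = "ipa_a.sitea.mylab.test") -> Dict[str, Dict[str, List[str]]]:
    """Classification of `fqdn`'s records for every host in the topology."""
    return {host: classify(host, fqdn, records) for host in LOCAL_NETWORKS}


if __name__ == "__main__":
    for label, recs in (("current zone", RECORDS_NOW), ("eth1 address added", RECORDS_BOTH)):
        print(f"--- {label}: {recs}")
        for host, result in report(recs).items():
            print(f"{host:9s} reachable={result['reachable']} "
                  f"unreachable={result['unreachable']}")
```

Run as a script, the output shows both sides of the problem in the post: with only the eth0 record in the zone, ipa_b has no reachable address for ipa_a at all (the replica install failure described above); with the eth1 address published as well, ipa_b gets a usable address, but every client in Site A now also receives an address it cannot reach, so whether such a client sees a timeout depends on which address its resolver and application try first. Fixing it in /etc/hosts on ipa_b keeps the second address out of the zone, which is the trade-off the question asks about.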



