Hi,

I set up a FreeIPA cluster a while ago and all records are replicated. The
issue is that I found out the secondary DNS was probably configured as a caching
DNS, as it's not recognized as a DNS role on the web GUI. How can I configure it
to be a replicate DNS role correctly (note that the original conf had the
listen on 127.0.0.1. weird..)?

Thanks,
Tiran.

This is my secondary IPA named.conf:

// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
//      listen-on port 53 { 127.0.0.1; };
//      listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
