Unless I am way off here - what I need to do is set the replica to NOT
be DNS, but then stand up another replica inside the same "location" with
DNS and make sure the hosts in that location talk to it, and in the
inside location, they talk to the other host. The point is, and I think
this is what I missed, not ALL replicas have to have DNS set up. And
that resolves the problem with the 2 talking that are connected across
Please tell me I am on the right path?
On 6/21/17 9:22 AM, Kat wrote:
I think I see the problem - I am really trying to do Split DNS in this
configuration. So I need to keep DNS working, but somehow there must
be a way to have the replica on the outside of the firewall understand
that there is split DNS involved. I am having an issue figuring out if
FreeIPA DNS can do that? Any pointers to some docs?
On 6/20/17 1:32 PM, Kat wrote:
Here is an odd problem (I think).
I am using IPA in one environment, and want to set up a replica in
another environment through NATed connections. I can set up the
client to the NAT server, but here is the tricky part - IPA is also
DNS. So if I try to bring the DNS setup over with --
ipa-replica-install --setup-dns --forwarder=10.x.x.x --setup-ca
It fails, because when it tries to look up the master on the other
side of the NAT FW, of course it resolves incorrectly. The first
failure is conn-check, so even if I --skip-conncheck, it still fails
since DNS will not resolve.
FreeIPA-users mailing list -- email@example.com