Thanks for the pointers / explanations everyone. It would be nice if adding a replica didn't reset the SOA/NS, but the main reason I say that isn't due to the actual work of fixing it, but that once we're set up with replicas in all our offices we'll add new ones so infrequently I guarantee this will get forgotten / overlooked and cause confusion, even though I will put it into the internal KB :D
Would be nice if there was a per-zone setting to prevent this reset - perhaps even some option to specify public/private IPs for each replica and a simple public/private switch on the zone, so that it would default to using the correct IPs (and any without public IPs on a public zone would just not appear in NS/SOA records), but I understand this is outside the scope that FreeIPA is interested in supporting. If I manually add extra NS records, will they get nuked when adding a replica, or just not be listed in SOA anymore? If nobody is sure I'll try to test this... On Thu, Nov 8, 2018 at 10:14 PM, Peter Fern via FreeIPA-users < [email protected]> wrote: > On 9/11/18 3:07 pm, John Petrini via FreeIPA-users wrote: > >> The mname override now lives in ldap and is configured using the >> dnsserver-mod command. fake_mname is no longer included in named.conf. >> I think that feature was added to address this issue: >> https://pagure.io/bind-dyndb-ldap/issue/162 >> >> We use TSIG for dynamic updates without any issues, not sure if >> something has changed there but it works for us. >> > > > Good to know - things may indeed have changed, last time I messed with > this was on v4.3.x. > > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@ > lists.fedorahosted.org >
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
