Hi, The command *ipa dns-update-system-records* can be used to add the missing records. If you'd rather add them manually, the command can be run with the *--dry-run* option and will display the expected records but will not perform any update.
flo On Thu, Mar 31, 2022 at 2:26 PM Rob Crittenden via FreeIPA-users < [email protected]> wrote: > lejeczek via FreeIPA-users wrote: > > Hi guys. > > > > What is 'ipa-ca' for and what should it point to? > > Also, should IPA change that record ever? > > > > Reason I ask - from the docs as I understand - it should point to all CA > > servers in the domain, but it not happening. > > It is a generic name for the CAs initially for the OCSP and CRL > endpoints. If a fixed hostname was stored there then if/when that server > disappears, no more resolving OCSP. > > It is also used for ACME as a generic name that can be used across your > infra. > > I suppose its possible that you may have some old enough servers that > predate the ipa-ca name. I have a faint memory that servers marked as > HIDDEN also don't have this entry. > > It's fine to manually add the missing record in this case. IIRC there is > no task to seek out all CAs and add them. > > rob > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure >
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
