Yes, this is by design. Each IPA replica is writable, so DNS-enabled
replicas advertise themselves as authoritative servers for the zones. They
can replicate data over LDAP, do making them authoritative captures DNS
clients willing to do updates and thus reduces overall load to otherwise a
single authoritative server.

It is partially covered in
https://www.freeipa.org/page/V4/DNS:_Automatic_Zone_NS/SOA_Record_Maintenance.html

-- 
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland


On Fri, 16 May 2025, 20.20 Jerzy Borkowski via FreeIPA-users, <
freeipa-users@lists.fedorahosted.org> wrote:

> Hi,
>
> I run freeipa (VERSION: 4.12.2, API_VERSION: 2.254)
> in config with 2 servers: server1, server2
> Both under docker using freeipa-server-container.
>
> DNS is integrated into freeipa.
>
> I set  idnsSOAmName using freeipa UI to preferred server, say server1.
> This is correctly reflected in LDAP:
>
> idnsSOAmName: server1.example.com.
>
> However,  when I run 'host' command I get different values
> for mname :
>
> host -t soa example.com server1.example.com
> example.com has SOA record server1.example.com. hostmaster.example.com.
> 1747399498 3600 900 1209600 3600
>
> host -t soa example.com server2.example.com
> example.com has SOA record server2.example.com. hostmaster.example.com.
> 1747399498 3600 900 1209600 3600
>
> mname appears to be the same as freeipa DNS server name.
> Is this by design?
>
> kind regards,
>
> Jurek
>
>
> --
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
> Do not reply to spam, report it:
> https://pagure.io/fedora-infrastructure/new_issue
>
-- 
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Reply via email to