Yes, this is by design. Each IPA replica is writable, so DNS-enabled replicas advertise themselves as authoritative servers for the zones. They can replicate data over LDAP, do making them authoritative captures DNS clients willing to do updates and thus reduces overall load to otherwise a single authoritative server.
It is partially covered in https://www.freeipa.org/page/V4/DNS:_Automatic_Zone_NS/SOA_Record_Maintenance.html -- / Alexander Bokovoy Sr. Principal Software Engineer Security / Identity Management Engineering Red Hat Limited, Finland On Fri, 16 May 2025, 20.20 Jerzy Borkowski via FreeIPA-users, < freeipa-users@lists.fedorahosted.org> wrote: > Hi, > > I run freeipa (VERSION: 4.12.2, API_VERSION: 2.254) > in config with 2 servers: server1, server2 > Both under docker using freeipa-server-container. > > DNS is integrated into freeipa. > > I set idnsSOAmName using freeipa UI to preferred server, say server1. > This is correctly reflected in LDAP: > > idnsSOAmName: server1.example.com. > > However, when I run 'host' command I get different values > for mname : > > host -t soa example.com server1.example.com > example.com has SOA record server1.example.com. hostmaster.example.com. > 1747399498 3600 900 1209600 3600 > > host -t soa example.com server2.example.com > example.com has SOA record server2.example.com. hostmaster.example.com. > 1747399498 3600 900 1209600 3600 > > mname appears to be the same as freeipa DNS server name. > Is this by design? > > kind regards, > > Jurek > > > -- > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue >
-- _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
