On 04/04/2011 05:17 PM, Sigbjorn Lie wrote:
> The first dig is taken on the ipa server, using its own IPA configured
> test DNS. However I have a F14 client successfully connected using my
> prod DNS (my DHCP default). Prod DNS is serving the same _ldap._tcp
> records for the same IPA server. My prod dns is serving TTL 1 second for
> the same records.
> I presume what happened was that I started the SSSD on the IPA server
> while it was still being served by the PROD dns. Then I changed the
> nameserver entries after.
> What gets to me is that I've used the prod DNS setup for testing with
> F14 for months now, without any issue. This first became an issue when I
> reinstalled the IPA server with RHEL 6.1 beta.
> Was that really it? Too low TTL on the DNS entries?

If I remember correctly, the change that added _srv_ by default to
sssd.conf went in during one of the later release candidates for
FreeIPA. So it's likely that for most of your time testing it, you only
had the explicit server address in the config file.

I do encourage you to keep the _srv_ entry, as it really does make life
a lot easier later on (if you want to add a replica or move the FreeIPA
server) since you only have to update DNS instead of every client.

-- 
Stephen Gallagher
RHCE 804006346421761

Delivering value year after year.
Red Hat ranks #1 in value among software vendors.