On Thu, 16-06-2011 at 11:27 -0400, Simo Sorce wrote:
> On Thu, 2011-06-16 at 10:31 -0430, Loris Santamaria wrote:
> > Hi,
> >
> > I would like to use my freeIPA v2 server as my master name server and
> > have other normal (non ldap based) bind servers as caching / secondary
> > name servers. Ideally the clients would query only the secondary servers
> > and the secondary name servers would perform regular zone transfers from
> > the master server.
> >
> > So I'm trying to set up zone transfer in my IPA based name server. First
> > of all I see that the attribute "idnsAllowTransfer" referenced in the
> > bind-dyndb-ldap documentation is not really supported in the schema
> > installed in IPA. Next, using a global "allow-transfer" in named.conf
> > doesn't work either.
>
> A global allow-transfer should work, have you restarted named after
> setting it?
>
> If it doesn't work we may have a bug.

I'm adding to named.conf options section:

    allow-transfer { 127.0.0.1; };

then I restart named and try a zone transfer on the same host:

    # host -l ipa.corpfbk. 127.0.0.1
    ; Transfer failed.
    Using domain server:
    Name: 127.0.0.1
    Address: 127.0.0.1#53
    Aliases:

    Host ipa.corpfbk not found: 9(NOTAUTH)
    ; Transfer failed.

In the logs I get:

    Jun 16 11:10:26 ipa01 named[30044]: client 127.0.0.1#59303: bad zone transfer request: 'ipa.corpfbk/IN': non-authoritative zone (NOTAUTH)

-- 
Loris Santamaria   linux user #70506   xmpp:lo...@lgs.com.ve
Links Global Services, C.A.            http://www.lgs.com.ve
Tel: 0286 952.06.87  Cel: 0414 095.00.10  sip:1...@lgs.com.ve
------------------------------------------------------------
-O9 -omg-optimize -fomit-instructions

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
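
Added example, not part of the original message or of FreeIPA/BIND: a small Python classifier for named zone-transfer log lines that keeps a NOTAUTH rejection like the one quoted above separate from an allow-transfer ACL refusal, since the two point at different causes. Only the first sample line comes from the message; the other lines, and the "denied" and "started" wordings they use, are constructed and assumed to match this BIND version's log format.

```python
import re
from collections import Counter

# Constructed sample: line 1 is the log entry quoted in the message; the rest
# are made up for illustration (documentation-range addresses, example zone).
SAMPLE_LOG = """\
Jun 16 11:10:26 ipa01 named[30044]: client 127.0.0.1#59303: bad zone transfer request: 'ipa.corpfbk/IN': non-authoritative zone (NOTAUTH)
Jun 16 11:12:02 ipa01 named[30044]: client 192.0.2.10#40112: zone transfer 'example.test/AXFR/IN' denied
Jun 16 11:12:40 ipa01 named[30044]: client 192.0.2.53#51820: transfer of 'example.test/IN': AXFR started
Jun 16 11:13:05 ipa01 named[30044]: client 192.0.2.10#40113: query: example.test IN A
"""

# "client <ip>#<port>: " prefix as it appears in the quoted log line.
CLIENT = r"client (?P<ip>[0-9A-Fa-f.:]+)#\d+: "

PATTERNS = [
    # named does not consider itself authoritative for the requested zone
    # (the failure reported in the message).
    ("not_authoritative", re.compile(
        CLIENT + r"bad zone transfer request: '(?P<zone>[^'/]+)/\w+': "
                 r"non-authoritative zone \(NOTAUTH\)")),
    # The zone is served, but the client is not in allow-transfer
    # (assumed wording).
    ("acl_denied", re.compile(
        CLIENT + r"zone transfer '(?P<zone>[^'/]+)/(?:AXFR|IXFR)/\w+' denied")),
    # A transfer that was permitted and began (assumed wording).
    ("started", re.compile(
        CLIENT + r"transfer of '(?P<zone>[^'/]+)/\w+': (?:AXFR|IXFR) started")),
]

def classify(line):
    """Return (kind, client_ip, zone) for a transfer-related line, else None."""
    for kind, pattern in PATTERNS:
        m = pattern.search(line)
        if m:
            return kind, m.group("ip"), m.group("zone")
    return None

def summarize(log_text):
    """Count transfer events per (kind, client_ip, zone)."""
    counts = Counter()
    for line in log_text.splitlines():
        event = classify(line)
        if event:
            counts[event] += 1
    return counts

if __name__ == "__main__":
    for (kind, ip, zone), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{kind:18} {ip:15} {zone:15} x{n}")
```
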