On Mon, Apr 9, 2012 at 3:01 PM, Rob Crittenden <rcrit...@redhat.com> wrote:
> Dmitri Pal wrote:
>>
>> On 04/09/2012 03:02 PM, KodaK wrote:
>>>
>>> On Mon, Apr 9, 2012 at 1:53 PM, Dmitri Pal<d...@redhat.com> wrote:
>>>>
>>>> On 04/09/2012 02:50 PM, KodaK wrote:
>>>>>
>>>>> On Mon, Apr 9, 2012 at 1:46 PM, Dmitri Pal<d...@redhat.com> wrote:
>>>>>>
>>>>>> On 04/09/2012 02:41 PM, KodaK wrote:
>>>>>>>
>>>>>>> On Mon, Apr 9, 2012 at 1:34 PM, Dmitri Pal<d...@redhat.com> wrote:
>>>>>>>>
>>>>>>>> On 04/09/2012 02:07 PM, KodaK wrote:
>>>>>>>>>
>>>>>>>>> I have two IPA servers. The primary/master is SLPIDML01 and the
>>>>>>>>> replica is SLPIDML01. I have followed the instructions for
>>>>>>>>> creating a replica and the install on SLPIDML02 completed
>>>>>>>>> successfully. However, the instructions tell me to add some
>>>>>>>>> entries to the DNS zone file, and I'm stumped.
>>>>>>>>>
>>>>>>>>> The FreeIPA documentation has this to say about setting up DNS for
>>>>>>>>> replicas:
>>>>>>>>>
>>>>>>>>> Updating DNS for IPA Replicas
>>>>>>>>>
>>>>>>>>> After you have configured a new IPA replica, you should update your
>>>>>>>>> DNS entries so that IPA clients can discover the new server. For
>>>>>>>>> example, for an IPA replica with a server name of $HOST, you should
>>>>>>>>> add the following entries to your zone file:
>>>>>>>>>
>>>>>>>>> _ldap._tcp IN SRV 0 100 389 $HOST
>>>>>>>>> _kerberos._tcp IN SRV 0 100 88 $HOST
>>>>>>>>> _kerberos._udp IN SRV 0 100 88 $HOST
>>>>>>>>> _kerberos-master._tcp IN SRV 0 100 88 $HOST
>>>>>>>>> _kerberos-master._udp IN SRV 0 100 88 $HOST
>>>>>>>>> _kpasswd._tcp IN SRV 0 100 464 $HOST
>>>>>>>>> _kpasswd._udp IN SRV 0 100 464 $HOST
>>>>>>>>> _ntp._udp IN SRV 0 100 123 $HOST
>>>>>>>>>
>>>>>>>>> I know very little about configuring DNS. Where exactly should
>>>>>>>>> this go? It says to add it to your zone file, all I see is a
>>>>>>>>> named.rfc1912.zones file, and it appears to be rather structured.
>>>>>>>>> Do I just dump these at the end? That doesn't seem to make any
>>>>>>>>> sense. I see a reference to /var/named/example.com.zone.db, but I
>>>>>>>>> don't have one for my domain, and I still don't know what the
>>>>>>>>> format of the file should be. Do I need to make entries for both
>>>>>>>>> hosts (and any others I add in the future?)
>>>>>>>>>
>>>>>>>> What DNS server do you use?
>>>>>>>> Did you consider using the DNS server that comes with IPA?
>>>>>>>>
>>>>>>> I am using the DNS server that comes with IPA.
>>>>>>
>>>>>> Then the replicas are added automatically to the DNS servers managed
>>>>>> by IPA. I think the documentation refers to the case when you are not
>>>>>> using the DNS server provided by IPA. Then you need to add the
>>>>>> mentioned entries. If this is not clear please open a ticket and
>>>>>> provide a pointer to the section that caused the confusion.
>>>>>
>>>>> I've opened a ticket, thanks.
>>>>>
>>>>> When I manually turn off the network interfaces on the master, the
>>>>> replica does not take over.
>>>>
>>>> How do you test it?
>>>> The client will fail over if it can't access the server that you turned
>>>> off.
>>>>
>>>>
>>>>> For the record, the documentation makes no discernible differentiation
>>>>> between IPA's DNS and external DNS:
>>>>>
>>>>> "Once the installation process completes, update the DNS entries so
>>>>> that IPA clients can discover the new server. For example, for an IPA
>>>>> replica with a hostname of ipareplica.example.com:"
>>>
>>> Sorry, I thought I did reply to the list.
>>>
>>> I must be misunderstanding something.
>>>
>>> When I ipa-replica-install it does not automatically set up a DNS
>>> replica, correct?
>>>
>>> When I run ipa dnsrecord-add domain.com @ --ns-rec
>>> slpidml02.unix.magellanhealth.com. I'm only telling IPA that this new
>>> host is now a nameserver, correct?
>>>
>>> So at what point do DNS entries replicate? Or do I set that up outside
>>> of IPA?
>>>
>>> Thanks again,
>>>
>>> --Jason
>>
>>
>> Rob,
>>
>> When we add replicas, do we create SRV records for them automatically? I
>> thought so but maybe I am wrong? Can you please chime in?
>>
>
> Yes, we always try to create the SRV records when installing a replica.
>
Ok, thanks, guys. I must have something misconfigured, then. I'll dig
a bit and probably post again later. At least I know what it *should*
be doing now.

--Jason

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
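One way to check what the thread leaves open, added here as an example that is not part of the original messages or of FreeIPA: the Python below parses zone-file text and reports, per server, which of the eight SRV records from the quoted documentation do not point at it. The host names and zone text are constructed, and it assumes single-line records with owner names relative to the zone origin.

```python
# Added example, not FreeIPA code: report which IPA servers lack SRV records.
REQUIRED = {  # owner -> port, the eight records from the quoted documentation
    "_ldap._tcp": 389, "_kerberos._tcp": 88, "_kerberos._udp": 88,
    "_kerberos-master._tcp": 88, "_kerberos-master._udp": 88,
    "_kpasswd._tcp": 464, "_kpasswd._udp": 464, "_ntp._udp": 123,
}

def parse_srv(zone_text):
    """Map (owner, port) -> set of SRV targets found in zone-file text."""
    found, owner = {}, None
    for raw in zone_text.splitlines():
        body = raw.split(";", 1)[0]                  # drop zone-file comments
        fields = body.split()
        if fields and not body[0].isspace() and not fields[0].startswith("$"):
            owner = fields[0]                        # a blank owner reuses this one
        if "SRV" not in fields or owner is None:
            continue
        idx = fields.index("SRV")
        try:                                         # SRV priority weight port target
            port, target = int(fields[idx + 3]), fields[idx + 4]
        except (ValueError, IndexError):
            continue                                 # malformed record, skip it
        found.setdefault((owner, port), set()).add(target.rstrip(".").lower())
    return found

def missing_srv(zone_text, servers):
    """Return {server: [required owners with no SRV record pointing at it]}."""
    found = parse_srv(zone_text)
    gaps = {}
    for server in servers:
        name = server.rstrip(".").lower()
        lacking = [o for o, p in REQUIRED.items() if name not in found.get((o, p), ())]
        if lacking:
            gaps[server] = lacking
    return gaps

# Constructed sample zone: the replica was only added to two of the eight records.
SAMPLE_ZONE = """\
_ldap._tcp            IN SRV 0 100 389 ipamaster.example.com.
                      IN SRV 0 100 389 ipareplica.example.com.
_kerberos._tcp        IN SRV 0 100 88  ipamaster.example.com.
                      IN SRV 0 100 88  ipareplica.example.com.
_kerberos._udp        IN SRV 0 100 88  ipamaster.example.com.
_kerberos-master._tcp IN SRV 0 100 88  ipamaster.example.com.
_kerberos-master._udp IN SRV 0 100 88  ipamaster.example.com.
_kpasswd._tcp         IN SRV 0 100 464 ipamaster.example.com.
_kpasswd._udp         IN SRV 0 100 464 ipamaster.example.com.
_ntp._udp             IN SRV 0 100 123 ipamaster.example.com. ; time service
"""
```

Calling `missing_srv(SAMPLE_ZONE, ["ipamaster.example.com", "ipareplica.example.com"])` returns only the replica, with the six service names a client could not use to discover it if the master were unreachable.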