Sorry for the big delay.

On 06/20/2012 02:25 PM, Gavin Spurgeon wrote:
Hi All,

Just have a quick question re: $subject

I have seen some BZ's about this, but just wanted to check with the list
to see what people have to say about this.

I have an IPA Domain (example.com) and it is running as it should be.

I also have 2 Public DNS Servers that run all of my non-IPA Zones (in
the 100s). I want these two DNS Servers to act as Standard Bind Slave
Servers for my IPA Domain (i.e. to do a simple AXFR from the IPA Master)

Current IPA (with the bind-dyndb-ldap driver) supports AXFR itself. The problem lies in the SOA serial number update: it is not maintained for changes done via WebUI or CLI. If you make any change through WebUI or CLI, you need to manually bump the SOA serial number. Any change via the DNS dynamic update mechanism (nsupdate) will bump the SOA serial automatically.

a, No, adding the Public DNS Servers to IPA is not an option...
b, Is this possible *now*

You can "hack" current IPA and bump the SOA serial number e.g. each hour (from cron). In that case the zone will be transferred each hour to the slave server, but you will waste some bandwidth.

c, does anyone have any other suggestions on how to get my desired goal?

You have to set the idnsAllowTransfer attribute in the relevant zones, see

d, if not, when will this be possible ?

Automatic SOA serial number update is on the roadmap for 3.0, stay tuned.

Petr^2 Spacek

Gavin Spurgeon.
AKA Da Geek

Freeipa-users mailing list
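
The hourly serial bump suggested in the reply above could look like the following sketch; it is an added example, not part of the original thread or of FreeIPA's own code. The function names, the YYYYMMDDnn serial scheme, the script path, querying `@localhost` with `dig`, and a valid Kerberos ticket in the cron environment are all assumptions.

```shell
#!/bin/sh
# Added example: bump a zone's SOA serial so AXFR slaves notice changes made
# via the WebUI/CLI. Function names and the YYYYMMDDnn scheme are assumptions.

# next_serial CURRENT TODAY -> prints a serial strictly greater than CURRENT.
# Slaves only transfer when the serial increases, so it must never go back.
next_serial() {
    current=$1
    today=$2                      # YYYYMMDD
    case $current in ''|*[!0-9]*) echo "bad serial: '$current'" >&2; return 1 ;; esac
    case $today   in ''|*[!0-9]*) echo "bad date: '$today'" >&2; return 1 ;; esac
    base=$(( today * 100 ))       # first serial of the day: YYYYMMDD00
    if [ "$current" -lt "$base" ]; then
        next=$base
    else
        next=$(( current + 1 ))   # same day, or serial already ahead of today
    fi
    # The SOA serial is an unsigned 32-bit field.
    if [ "$next" -gt 4294967295 ]; then
        echo "serial overflow" >&2; return 1
    fi
    echo "$next"
}

# bump_zone ZONE: read the live serial from the local IPA DNS server and
# write the next one back. Assumes a valid Kerberos ticket (for example
# obtained with kinit -k from a keytab) with rights to modify the zone.
bump_zone() {
    zone=$1
    current=$(dig +short SOA "$zone" @localhost | awk '{print $3}')
    new=$(next_serial "$current" "$(date +%Y%m%d)") || return 1
    ipa dnszone-mod "$zone" --serial="$new"
}

# Run only when a zone is given, e.g. from cron (hypothetical path):
#   0 * * * * /usr/local/sbin/bump-soa.sh example.com
if [ $# -ge 1 ]; then
    bump_zone "$1"
fi
```

If the SOA query fails and returns nothing, `next_serial` rejects the empty value and the zone is left unchanged instead of being written with a bogus serial.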
