Sorry for the big delay.
On 06/20/2012 02:25 PM, Gavin Spurgeon wrote:
Current IPA (with bind-dyndb-ldap driver) supports AXFR itself. Problem lies
in SOA serial number update - it is not maintained for changes done via WebUI
or CLI. If you do any change through WebUI or CLI, you need to manually bump
the SOA serial number.
Any change via DNS dynamic update mechanism (nsupdate) will bump the SOA
> Just have a quick question re: $subject
> I have seen some BZ's about this, but just wanted to check with the list
> to see what people have to say about this.
> I have an IPA Domain (example.com) and it is running as it should be.
> I also have 2 Public DNS Servers that run all of my non IPA Zones (in
> the 100s). I want these two DNS Servers to act as Standard Bind Slave
> Servers for my IPA Domain (i.e. to do a simple AXFR from the IPA Master)
You can "hack" current IPA and bump SOA serial number e.g. each hour (from
cron). In that case zone will be transferred each hour to slave server, but
you will waste some bandwidth.
> a, No adding the Public DNS Servers to IPA is not an option...
> b, Is this possible *now*
> c, does any one have any other suggestions, on how to get my desired goal ?
You have to set idnsAllowTransfer attribute in relevant zones, see
> d, if not, when will this be possible ?
Automatic SOA serial number update is on the roadmap for 3.0, stay tuned.
> AKA Da Geek
Freeipa-users mailing list
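
The hourly serial bump suggested in the reply above could look like the following sketch; it is an added example, not part of the original message and not code from the FreeIPA project. It assumes the script runs on the IPA server with a valid Kerberos ticket for a user allowed to modify the zone, that `dig` is installed, and that the zone name and crontab line are placeholders.

```shell
#!/bin/sh
# Added example (not from the original thread): bump the SOA serial of an
# IPA-managed zone so that BIND slaves notice changes made via WebUI/CLI.
# Assumed crontab entry, after sourcing this file in a wrapper script:
#   0 * * * *  /usr/local/sbin/bump-soa.sh example.com

# next_serial CURRENT
# Prints the next serial. SOA serials are unsigned 32-bit values compared
# with wrap-around arithmetic, so a small step is always seen as "newer";
# at the top of the range we wrap to 1 rather than 0.
next_serial() {
    cur=$1
    case $cur in
        ''|*[!0-9]*)
            # Empty or non-numeric input: refuse instead of writing garbage.
            echo "invalid serial: '$cur'" >&2
            return 1
            ;;
    esac
    if [ "$cur" -ge 4294967295 ]; then
        echo 1
    else
        echo $((cur + 1))
    fi
}

# bump_zone ZONE
# Reads the current serial from the local name server and writes the
# incremented value back through the IPA CLI.
bump_zone() {
    zone=$1
    # Third field of the short SOA answer is the serial number.
    cur=$(dig +short @127.0.0.1 "$zone" SOA | awk '{print $3}')
    new=$(next_serial "$cur") || return 1
    ipa dnszone-mod "$zone" --serial="$new" >/dev/null
}
```
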