On 06/15/2012 12:12 AM, Steven Jones wrote:
I have the forward zone (ods.vuw.ac.nz) set up in IPA but the reverse zone(s) is 
meant to be slaved back to the MS AD masters (vuw.ac.nz) and 10/8 and 
(130.195./16).

What should the reverse/PTR zone setup look like?  i.e. if I had a flat file aka 
bind and named.conf it's straightforward, I can just look at the file(s), and 
that a reverse zone file is created on the slave; however I have no screenshots 
or anything to indicate if I have set up that reverse function correctly.  For 
instance there is nothing in /var/named/slaves, I have assumed that the slave 
data from the AD masters is actually held in the LDAP.....so how do I prove 
that?

AFAIK there is no special requirement.

Any host name for IPA server should translate to IP addresses. PTR records for those IP addresses should point back to A/AAAA records used during original name->IP translation. (PTR should point to A records, not CNAME records.)

Actually it doesn't matter where records are stored, as long as DNS translation via servers configured in /etc/resolv.conf is functional.


Also I notice when I create a zone using the DNS UI it creates a file called 
0.3.70.10, but when I add a replica it creates another zone file 3.70.10 and 
populates it....which it shouldn't as the MS AD is the master.....yet I used 
--no-reverse in the replica command...

I'm not sure if I understood it correctly. Where are the files created? Can you post them to the list?

Petr^2 Spacek


regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

________________________________________
From: Simo Sorce [s...@redhat.com]
Sent: Thursday, 14 June 2012 11:50 p.m.
To: Steven Jones
Cc: Rob Crittenden; freeipa-users
Subject: RE: [Freeipa-users] Replication problems with having more than one 
replica?

On Thu, 2012-06-14 at 03:00 +0000, Steven Jones wrote:
Hi,

3 log sets from /var/log/dirsrv/slapd

Looking at the first server's error log it looks like one of your
replicas has a wrong PTR record and GSSAPI cannot therefore find the
right ticket.

Make sure your DNS is properly set up (or /etc/hosts entries) for all
the servers.

Simo.

--
Simo Sorce * Red Hat, Inc * New York


_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
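
The forward/reverse consistency rule described in the replies above (every server name resolves to an address, and each address's PTR names the A/AAAA record rather than an alias), as an added example that is not part of the original thread. The host names, addresses and sample_* helpers are constructed for illustration; system_forward and system_reverse go through the system resolver, so /etc/hosts entries count too.

```python
import socket

def system_forward(name):
    """Return (canonical name, set of addresses) from the system resolver."""
    infos = socket.getaddrinfo(name, None, flags=socket.AI_CANONNAME)
    return (infos[0][3] or name), {info[4][0] for info in infos}

def system_reverse(ip):
    """Return the PTR target for ip from the system resolver."""
    return socket.gethostbyaddr(ip)[0]

def norm(name):
    return name.rstrip(".").lower()

def check_host(name, forward=system_forward, reverse=system_reverse):
    """List forward/reverse mismatches for one server name ([] = consistent)."""
    try:
        canon, ips = forward(name)
    except OSError as err:
        return [f"{name}: forward lookup failed ({err!r})"]
    problems = []
    for ip in sorted(ips):
        try:
            ptr = reverse(ip)
        except OSError as err:
            problems.append(f"{ip}: no PTR record ({err!r})")
            continue
        if norm(ptr) != norm(canon):
            problems.append(f"{ip}: PTR is {ptr}, expected {canon}")
    return problems

# Constructed sample records (hypothetical names, documentation addresses).
A = {"ipa1.example.test": "192.0.2.10", "ipa2.example.test": "192.0.2.11",
     "ipa3.example.test": "192.0.2.12"}
CNAME = {"ldap.example.test": "ipa3.example.test"}
PTR = {"192.0.2.10": "ipa1.example.test.",      # correct
       "192.0.2.11": "old-host.example.test.",  # stale PTR
       "192.0.2.12": "ldap.example.test."}      # PTR names the alias, not the A record

def sample_forward(name):
    canon = CNAME.get(norm(name), norm(name))
    return canon, {A[canon]}

def sample_reverse(ip):
    return PTR[ip]

if __name__ == "__main__":
    for host in list(A) + list(CNAME):
        print(host, check_host(host, sample_forward, sample_reverse) or "ok")
```

Calling check_host(name) without the sample_* arguments runs the same check against the resolvers configured on the machine, which is the view the replicas themselves have.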