I will try to be more clear...

My IPA zone is named intranet.local running on ipaserver1 and ipaserver2. I have another zone (call it "myzone.tld") hosted on some other systems. I would like ipaserver1 and ipaserver2 to both be a slave for this zone (not use a forwarder for the zone).

Considering that ipaserver1 and ipaserver2 use the dynamic-db entry in named.conf, is there anything that I should be concerned about if I were to add:

zone "myzone.tld" {
     type slave;
     file "slave/myzone.db";
     masters { u.x.y.z;  w.x.y.z; };
     allow-notify { u.x.y.z;  w.x.y.z; };
     also-notify { ipaserver2; };
};

to ipaserver1?

I had considered adding the zone via 'ipa dnszone-add ipaserver1.intranet.local' but I did not find anything specific in the documentation describing how to configure the new zone as a slave of another system. Also, the number of entries in the zone is large and there are many updates per day and I was uncertain of the type of performance I could expect.

Thanks,
Mike

On 13-Jul-12, at 7:10 PM, Dmitri Pal wrote:

On 07/13/2012 07:04 PM, Michael Mercier wrote:
Hello,

I am by no means an expert either, but I believe what you are
recommending would forward requests for "myzone.tld" to the
ip.of.forwarder1 etc.
I want ipaserver1 to actually be a slave (do AXFR / IXFR -- hold all
the data) of "myzone.tld", and have ipaserver2 slave this data from
ipaserver1.


The replicas in IPA do not need to be specially configured to be slaves
of each other. They have the same data which is replicated by LDAP back
end so it is not clear why you are trying to configure the replicas to
be in master-slave relation.


Thanks,
Mike

On 13-Jul-12, at 5:11 PM, KodaK wrote:

On Fri, Jul 13, 2012 at 3:13 PM, Michael Mercier <mmerc...@gmail.com>
wrote:
Hello,

When using IPA 2.2.0 with DNS setup (--setup-dns), are there any
issues with adding slaves to the named.conf file?

example on ipaserver1:

zone "myzone.tld" {
      type slave;
      file "slave/myzone.db";
      masters { u.x.y.z;  w.x.y.z; };
      allow-notify { u.x.y.z;  w.x.y.z; };
      also-notify { ipaserver2; };
};


I'm no expert, but I think you'd want to use the command line option
dnsconfig-mod:

ipa dnsconfig-mod --forwarder=ip.of.forwarder1;ip.of.forwarder2
myzone.tld


--
The government is going to read our mail anyway, might as well make it
tough for them.  GPG Public key ID:  B6A1A7C6

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


--
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.

