Hi Guys,

Thanks for the previous replies.  I hate to dig up an old thread, but I'm
still banging my head on this.  I am trying to configure IPA to send notify
to slave servers on manual updates from the web or CLI tools.

Dynamic DNS updates from an IPA client issuing an nsupdate work great; I
get an immediate zone transfer to zone NS slaves (bind 9.x slaves).

Performing an update via IPA CLI (for non-dynamic static record) tools
triggers nothing.  The test documents and Petr's previous statements hold
true for the nsupdate case; is this also true for CLI driven updates as
well?

I have tested this on 3.3.5 (Fedora 20)  and 4.1 (COPR) release.

Thanks Guys!



On Wed, Sep 3, 2014 at 2:25 AM, Petr Spacek <pspa...@redhat.com> wrote:

> On 1.9.2014 12:16, Dmitri Pal wrote:
>
>> On 09/01/2014 12:05 PM, Martin Kosek wrote:
>>
>>> On 09/01/2014 07:50 AM, Dmitri Pal wrote:
>>>
>>>> On 08/29/2014 09:32 PM, Matthew Sellers wrote:
>>>>
>>>>> Hi Everyone!
>>>>>
>>>>> I am using FreeIPA 3.3.5 on Fedora 20 and attempting to configure
>>>>> FreeIPA to
>>>>> send notifies to non-IPA slaves, but it seems broken on IPA (notify
>>>>> packets
>>>>> are never sent to slaves).
>>>>>
>>>>> I have configured also-notify { nameserverip; };  in named.conf on my
>>>>> FreeIPA
>>>>> test host in the options section and watched for notify traffic with
>>>>> tcpdump.
>>>>>
>>>>> This document suggests that this is supported, and this is something I
>>>>> have
>>>>> used in non-IPA bind servers with no issues.
>>>>>
>>>>> https://fedoraproject.org/wiki/QA:Testcase_freeipav3_dns_zone_transfer
>>>>>
>>>>> I wanted to ask the list before I file a bug with more details.   Is
>>>>> anyone
>>>>> using this bind feature on IPA with any success?
>>>>>
>>>>> Thanks!
>>>>> Matt
>>>>>
>>>>>
>>>> The DNS level change propagation is not supported between IPA
>>>> replicas instead
>>>> it uses LDAP replication to propagate the changes.
>>>> If you want another non IPA DNS server to be a slave then you can do
>>>> it. See
>>>> http://www.freeipa.org/page/V3/DNS_SOA_serial_auto-incrementation for
>>>> more
>>>> information.
>>>>
>>> I thought that from F20, bind-dyndb-ldap was capable of native DNS
>>> operations
>>> like AXFR/IXFR which can be used to actually deploy slave DNS servers. I
>>> wonder
>>> if also-notify is something different. CCing Petr Spacek to advise.
>>>
>> AFAIU slave DNS servers not controlled by IPA yes, replicas as slaves -
>> no.
>>
>
> Let me summarize:
> - AXFR is supported (at least) by all versions RHEL 6.5 and newer versions
> - IXFR is supported by bind-dyndb-ldap 4.0 and newer (Fedora 20+)
> - DNS NOTIFY messages are always sent to servers listed in NS records
>
> I.e. you have to add your non-IPA slave servers to NS records in
> particular zone and then it should 'just work', no other configuration
> (like 'also-notify') is necessary.
>
> Please let me know if it doesn't work for you.
>
> --
> Petr^2 Spacek
>
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go To http://freeipa.org for more info on the project
>