On 4.11.2014 21:57, William Muriithi wrote:

I have two AD and would like to retain that redundancy within IPA after
establishing trust relationship. How would one achieve that?

I have attempted the following:

[root@ipa3-yyz-int ~]# ipa dnszone-add example.local
--name-server=srvyyzdc02.example.local --name-server=srvyyzdc01.example.local
--admin-email='systemad...@example.com' --force --forwarder=
--forwarder= --forward-policy=only --ip-address=
ipa: ERROR: invalid 'idnssoamname': Only one value is allowed

And got the following error above

This however works

ipa dnszone-add example.local --name-server=srvyyzdc02.example.local
--force --forwarder= --forward-policy=only --ip-address=

What should I have done to get redundancy working? If this is not possible
currently, any chance it can be implemented some day?


Could you explain what you are trying to achieve, please?

What version of FreeIPA do you use?

Commands 'ipa dnszone-*' manage DNS and are not strictly related to AD trusts. If you add DNS zone to one IPA server it is automatically served by all other servers. This applies to master & forward zones too.

To get full redundancy for *master* zones you have to add all names of IPA DNS servers to NS records in the zone and also to its parent zone. (BTW FreeIPA 4.1 will manage in-zone NS records automatically for you.)

For forward zones you don't need to do anything else. It should just work.

Petr^2 Spacek

Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to