freeipa-admintools.x86_64 4.1.4-1.el7.centos @mkosek-freeipa freeipa-client.x86_64 4.1.4-1.el7.centos @mkosek-freeipa freeipa-python.x86_64 4.1.4-1.el7.centos @mkosek-freeipa freeipa-server.x86_64 4.1.4-1.el7.centos @mkosek-freeipa freeipa-server-trust-ad.x86_64 4.1.4-1.el7.centos @mkosek-freeipa
bind.x86_64 32:9.9.4-20.el7.centos.pkcs11 @mkosek-freeipa bind-dyndb-ldap.x86_64 6.1-1.el7.centos @mkosek-freeipa bind-libs.x86_64 32:9.9.4-20.el7.centos.pkcs11 @mkosek-freeipa bind-libs-lite.x86_64 32:9.9.4-20.el7.centos.pkcs11 @mkosek-freeipa bind-license.noarch 32:9.9.4-20.el7.centos.pkcs11 @mkosek-freeipa bind-pkcs11.x86_64 32:9.9.4-20.el7.centos.pkcs11 @mkosek-freeipa bind-pkcs11-libs.x86_64 32:9.9.4-20.el7.centos.pkcs11 @mkosek-freeipa bind-pkcs11-utils.x86_64 32:9.9.4-20.el7.centos.pkcs11 @mkosek-freeipa And for reference here are the relevant A and NS records from my domain @ NS dc1.mydomain.net. @ NS dc2.mydomain.net. @ NS dns1.mydomain.net. dns1 A 10.21.0.14 > Hello! > > On 2.5.2015 17:12, Nathan Peters wrote: >> The last 3 sentences of my original post refer to me adding the NS >> records for >> the slave. Is that what you mean? >> >> "I have also ensured that the slave hostname and IP are in FreeIPA DNS. >> I >> have also added an NS entry pointing to the slave." > > Which version of FreeIPA and bind-dyndb-ldap are you using? > > I will look into it. > > Petr^2 Spacek > > >> -----Original Message----- From: Baird, Josh >> Sent: Saturday, May 02, 2015 7:33 AM >> To: 'nat...@nathanpeters.com' ; freeipa-users@redhat.com >> Subject: RE: [Freeipa-users] FreeIPA 4.1.4 DNS notifications not being >> sent to >> slaves >> >> Is the PowerDNS slave in the NS RRSet for the IPA domain? >> Unfortuantely, >> bind-dyndb-ldap does not support 'also-notify' which would allow us to >> send >> notifies each time a zone update occurs to slave servers that are not in >> the >> RRSet [1]. To compensate for this in my environment, I had to lower the >> 'refresh' timer on the IPA zone. >> >> [1] https://fedorahosted.org/bind-dyndb-ldap/ticket/152 >> >> -----Original Message----- >> From: freeipa-users-boun...@redhat.com >> [mailto:freeipa-users-boun...@redhat.com] On Behalf Of >> nat...@nathanpeters.com >> Sent: Friday, May 1, 2015 8:20 PM >> To: freeipa-users@redhat.com >> Subject: [Freeipa-users] FreeIPA 4.1.4 DNS notifications not being sent >> to slaves >> >> I have 2 FreeIPA 4.1.4 servers setup on CentOS 7 as replicas. >> >> I also have another host running PowerDNS serving as a slave. >> The FreeIPA servers are setup to allow transfers to the slave by IP. >> When >> adding the zone, the slave transfered it properly. >> >> However, when I update the zone in FreeIPA, although the serial number >> changes, in the /var/log/messages I only see an attempt to transfer to >> the >> second IPA server, and not the slave. This is the only log entry : >> >> May 2 01:06:56 dc1 named-pkcs11[5897]: zone mydomain.net/IN: sending >> notifies >> (serial 1430528817) May 2 01:06:57 dc1 named-pkcs11[5897]: client >> 10.178.0.99#29832: received notify for zone 'mydomain.net' >> >> I have restarted all services using ipactl restart several times. I >> have also >> ensured that the slave hostname and IP are in FreeIPA DNS. I have also >> added >> an NS entry pointing to the slave. >> >> According to the FreeIPA manual, once that NS entry is added, any zone >> updates >> should trigger a notify, but still the only notifications go out to >> FreeIPA >> servers and nothing else. >> >> Any idea how to fix this so FreeIPA notifies non IPA servers? I'm >> pretty sure >> I've followed all the instructions to the letter on this one... >> >> >> -- >> Manage your subscription for the Freeipa-users mailing list: >> https://www.redhat.com/mailman/listinfo/freeipa-users >> Go to http://freeipa.org for more info on the project > > > -- > Petr^2 Spacek > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project