Is there a way of exporting the DNS information out of Freeipa? Then I could 
just do a diff on the export from master and replica. 

> On Sep 24, 2015, at 11:13 AM, Martin Basti <mba...@redhat.com> wrote:
> 
> 
> 
> On 09/24/2015 05:02 PM, Rich Megginson wrote:
>> On 09/24/2015 08:53 AM, Martin Basti wrote:
>>> 
>>> 
>>> On 09/24/2015 04:43 PM, Rich Megginson wrote:
>>>> On 09/24/2015 08:32 AM, Aric Wilisch wrote:
>>>>> I need a way to validate that both the primary and the redundant FreeIPA 
>>>>> server’s DNS zones are in sync. What’s the simplest way for me to do this?
>>>> 
>>>> Do a DNS query to confirm that the SOA record for the primary is identical 
>>>> to the SOA for the secondary.
>>> 
>>> SOA serials are not replicated.
>> 
>> So with IPA you can have a master DNS and a replica DNS that have different 
>> SOA?
> Just SOA serial, other records are replicated.
> 
>> 
>> Then the records are replicated using the standard IPA dirsrv replication 
>> protocol?
>> 
>> In that case, doesn't ipa-replica-manage have a way to ask if the replicas 
>> are in sync?
> I don't think that ipa-replica-manage is capable to detect if replicas are in 
> sync.
> AFAIK this feature is planned for future IPA versions.
> Inspecting DS error log may help to find replication issues if any.
> 
> Martin
> 
>> 
>>> 
>>> You can get all  records via AXFR, and compare them per zone.
>>> 
>>> Maybe you can use python-dns to do comparation
>>> 
>>> http://www.dnspython.org/examples.html
>> 
>> That seems pretty heavyweight if there are a lot records.
>> 
>>> 
>>> HTH
>>> Martin
>>>> 
>>>>> 
>>>>> My boss won’t let me continue with an upgrade until he’s sure the primary 
>>>>> and redundant servers have the same DNS records and are in sync. I’ve 
>>>>> tried finding documentation on this but keep coming up blank.
>>>>> 
>>>>> Thanks in advance.
>>>>> 
>>>> 
>>> 
>> 
> 
> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project


-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to