Hello All,

I have two FreeIPA servers set up as follows:

ns01:  ipa-server-install --realm=DEV.REDACTED.NET --mkhomedir --setup-dns
--ssh-trust-dns --forwarder=1.2.3.4

ns02:  ipa-replica-install
/var/lib/ipa/replica-info-ns02.dev.redacted.net.gpg --setup-ca --mkhomedir
--ssh-trust-dns --setup-dns --forwarder=1.2.3.4


Now, after being in use for a few months, my SOA serial numbers are
different as reported by the two servers:

ns01 reports 1467996578
ns02 reports 1467996455

[root@ns02 ~]# ipa dnszone-show dev.redacted.net
...
  SOA serial: 1467996455
...

Same result on ns01, 1467996455

ipa-replica-conncheck is fine.

After an "ipactl restart" on ns02 (thinking that I needed to refresh the
ns02 FreeIPA instance somehow) the SOA serial on ns02 increments *beyond*
that of ns01:

ns01: 1467996578
ns02:  1467997519

Another "ipactl restart" on ns02 results in:

ns01:  1467996578
ns02:  1467997595

running "ipactl restart" on ns01 results in:

ns01:  1467997873
ns02:  1467997595

ns02 doesn't seem to be getting its serial number from ns01 at all.

Did I set up ns02 incorrectly?  Should I have skipped the "--setup-dns" on
the replica?

Does anyone have any suggestions on how to debug this further?

Thanks,

Anthony Clark
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to