Hello All,

I have two FreeIPA servers set up as follows:

ns01:
  ipa-server-install --realm=DEV.REDACTED.NET --mkhomedir --setup-dns --ssh-trust-dns --forwarder=1.2.3.4

ns02:
  ipa-replica-install /var/lib/ipa/replica-info-ns02.dev.redacted.net.gpg --setup-ca --mkhomedir --ssh-trust-dns --setup-dns --forwarder=1.2.3.4

Now, after being in use for a few months, my SOA serial numbers are different as reported by the two servers:

  ns01 reports 1467996578
  ns02 reports 1467996455

  [root@ns02 ~]# ipa dnszone-show dev.redacted.net
  ...
  SOA serial: 1467996455
  ...

Same result on ns01, 1467996455

ipa-replica-conncheck is fine.

After an "ipactl restart" on ns02 (thinking that I needed to refresh the ns02 FreeIPA instance somehow) the SOA serial on ns02 increments *beyond* that of ns01:

  ns01: 1467996578
  ns02: 1467997519

Another "ipactl restart" on ns02 results in:

  ns01: 1467996578
  ns02: 1467997595

running "ipactl restart" on ns01 results in:

  ns01: 1467997873
  ns02: 1467997595

ns02 doesn't seem to be getting its serial number from ns01 at all.

Did I set up ns02 incorrectly? Should I have skipped the "--setup-dns" on the replica?

Does anyone have any suggestions on how to debug this further?

Thanks,
Anthony Clark
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
