Hi Tomas,

> If I understand you correctly, the primary server is filled with data
> using bind-dyndb-ldap from an LDAP backend. Then the DS records are
> present on the primary server. At this point, bind-dyndb-ldap's work
> should be done, since it only serves as the backend LDAP driver for BIND.

You understand correctly.

> The issue happens when you try to replicate the zone to the secondary
> nameserver using AXFR. This leads me to believe that this might be some
> issue in the BIND component itself. Perhaps some special configuration
> is required.

I've not found any documentation that suggests special configuration is required. I spoke to some of the people in #bind before posting to this list; they were also surprised it wasn't working.

> It might help you if you'd test the setup without bind-dyndb-ldap with
> some mock data directly in BIND. If the AXFR doesn't contain the DS
> records then, it's related to BIND. Perhaps the BIND users
> (bind-us...@lists.isc.org) list might be able to assist you.

I've set up the test case directly on one of the primary nameservers with a couple of domains and do see the DS glue records included in the AXFR, so the missing records seem to only be happening when the zonefile is backed by bind-dyndb-ldap.

Regards,
Ben Roberts