On 02/13/2017 10:12 PM, Aaron Young wrote:
So, I recently took over this site and a couple days into it, the first
ipa server died because of disk corruption.
Right now, I've built another ipa server to step into the topology as a
replica, but I keep getting strange dns errors during update
Looking at it closer, it appears that when nsupdate runs, it fails updating
looking closer, I notice that the SOA comes back with the name of the
So, it seems like I should change that. So far I've been unable to
I get messages back from nsupdate like
"response to SOA query was unsuccessful"
I'm not sure what information I should send to help with this
My main question is, is there a way to force the change of the SOA?
MarketFactory, Manager of Site Reliability Engineering
425 Broadway, 3FL
New York, NY 10013
Office: +1 212 625 9988
Direct +1 646 779 3710
US Support: +1 (212) 625-0688 | UK Support: +44 (0) 203 695-7997
There may be some stale NS record on other IPA masters which serve your
DNS zone. You can verify this by running:
# ipa dnsrecord-show <DOMAIN_NAME> @
and check the list of nameservers returned.
To remove the record of the old master run
# ipa dnsrecord-del <DOMAIN_NAME> @ --ns-rec <MASTER_FQDN>
Also, make sure you cleaned up old agreements, services, etc. of the old
master by running `ipa-replica-manage del --force --cleanup
<MASTER_FQDN>` on some other IPA master.
You will also probably have to stand up a new CA renewal/CRL master
on one of the remaining replicas if the first server died and you have CA
Hope this helps
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project
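The stale-NS check described in the reply above, as an added example that is not part of the original thread: it compares the NS targets in `ipa dnsrecord-show <DOMAIN_NAME> @` output against the masters that are still alive and prints, without running it, the reply's `dnsrecord-del` command for each leftover entry. The zone `example.test`, the host names, the sample output and the function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: find zone-apex NS records that point at a master which no longer exists.

# Constructed sample of `ipa dnsrecord-show example.test @` output.
SAMPLE_APEX='  Record name: @
  NS record: ipa01.example.test., ipa02.example.test., ipa03.example.test.'

# Constructed list of masters that are still alive (whitespace separated).
SAMPLE_MASTERS='ipa02.example.test
ipa03.example.test'

# Lower-case a host name and drop the trailing dot so both spellings compare equal.
norm() { printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'; }

# Read dnsrecord-show output on stdin; print each NS target exactly as stored.
ns_targets() {
  sed -n 's/^[[:space:]]*NS record:[[:space:]]*//p' | tr ',' '\n' |
    sed 's/^[[:space:]]*//; s/[[:space:]]*$//; /^$/d'
}

# stale_ns APEX_OUTPUT LIVE_MASTERS: print NS targets that match no live master.
stale_ns() {
  printf '%s\n' "$1" | ns_targets | while IFS= read -r ns; do
    found=0
    for m in $2; do
      if [ "$(norm "$ns")" = "$(norm "$m")" ]; then found=1; fi
    done
    if [ "$found" -eq 0 ]; then printf '%s\n' "$ns"; fi
  done
}

# cleanup_plan ZONE APEX_OUTPUT LIVE_MASTERS: print (do not run) the delete
# command from the reply for every stale NS target, for review before use.
cleanup_plan() {
  stale_ns "$2" "$3" | while IFS= read -r ns; do
    printf 'ipa dnsrecord-del %s @ --ns-rec %s\n' "$1" "$ns"
  done
}

cleanup_plan example.test "$SAMPLE_APEX" "$SAMPLE_MASTERS"
```

On a real master, pass the live `ipa dnsrecord-show` output and your own list of surviving masters in place of the constructed samples.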