[Freeipa-users] Setting up replication, documentation unclear regarding DNS entries
I have two IPA servers. The primary/master is SLPIDML01 and the replica is SLPIDML01. I have followed the instructions for creating a replica and the install on SLPIDML02 completed successfully. However, the instructions tell me to add some entries to the DNS zone file, and I'm stumped.

The FreeIPA documentation has this to say about setting up DNS for replicas:

  Updating DNS for IPA Replicas

  After you have configured a new IPA replica, you should update your DNS entries so that IPA clients can discover the new server. For example, for an IPA replica with a server name of $HOST, you should add the following entries to your zone file:

    _ldap._tcp             IN SRV 0 100 389 $HOST
    _kerberos._tcp         IN SRV 0 100 88 $HOST
    _kerberos._udp         IN SRV 0 100 88 $HOST
    _kerberos-master._tcp  IN SRV 0 100 88 $HOST
    _kerberos-master._udp  IN SRV 0 100 88 $HOST
    _kpasswd._tcp          IN SRV 0 100 464 $HOST
    _kpasswd._udp          IN SRV 0 100 464 $HOST
    _ntp._udp              IN SRV 0 100 123 $HOST

I know very little about configuring DNS. Where exactly should this go? It says to add it to your zone file, all I see is a named.rfc1912.zones file, and it appears to be rather structured. Do I just dump these at the end? That doesn't seem to make any sense. I see a reference to /var/named/example.com.zone.db, but I don't have one for my domain, and I still don't know what the format of the file should be.

Do I need to make entries for both hosts (and any others I add in the future?)

Thanks,

--Jason

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Setting up replication, documentation unclear regarding DNS entries
On 04/09/2012 02:07 PM, KodaK wrote:
> Do I need to make entries for both hosts (and any others I add in the future?)

What DNS server do you use? Did you consider using the DNS server that comes with IPA?

--
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.

---
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
Re: [Freeipa-users] Setting up replication, documentation unclear regarding DNS entries
On 04/09/2012 02:41 PM, KodaK wrote:
> On Mon, Apr 9, 2012 at 1:34 PM, Dmitri Pal d...@redhat.com wrote:
>> What DNS server do you use? Did you consider using the DNS server that comes with IPA?
>
> I am using the DNS server that comes with IPA.

Then the replicas are added automatically to the DNS servers managed by IPA. I think the documentation refers to the case when you are not using the DNS server provided by IPA. Then you need to add the mentioned entries.

If this is not clear please open a ticket and provide a pointer to the section that caused the confusion.

--
Thank you,
Dmitri Pal
Re: [Freeipa-users] Setting up replication, documentation unclear regarding DNS entries
On 04/09/2012 02:50 PM, KodaK wrote:
> On Mon, Apr 9, 2012 at 1:46 PM, Dmitri Pal d...@redhat.com wrote:
>> If this is not clear please open a ticket and provide a pointer to the section that caused the confusion.
>
> I've opened a ticket, thanks.
>
> When I manually turn off the network interfaces on the master, the replica does not take over.

How do you test it? The client will fail over if it can't access the server that you turned off.

> For the record, the documentation makes no discernible differentiation between IPA's DNS and external DNS:
>
>   Once the installation process completes, update the DNS entries so that IPA clients can discover the new server. For example, for an IPA replica with a hostname of ipareplica.example.com:
>
> Thanks.
>
> --Jason

--
Thank you,
Dmitri Pal
Re: [Freeipa-users] Setting up replication, documentation unclear regarding DNS entries
On 04/09/2012 02:53 PM, Dmitri Pal wrote:
> On 04/09/2012 02:50 PM, KodaK wrote:
>> I've opened a ticket, thanks.

I do not see it.

--
Thank you,
Dmitri Pal
Re: [Freeipa-users] Setting up replication, documentation unclear regarding DNS entries
On Mon, Apr 9, 2012 at 1:56 PM, Dmitri Pal d...@redhat.com wrote:
> On 04/09/2012 02:50 PM, KodaK wrote:
>> I've opened a ticket, thanks.
>
> I do not see it.

I opened a ticket at access.redhat.com, if there's another place you'd rather I open it I can do that too, sorry.

--Jason
Re: [Freeipa-users] Setting up replication, documentation unclear regarding DNS entries
On Mon, Apr 9, 2012 at 1:53 PM, Dmitri Pal d...@redhat.com wrote:
> On 04/09/2012 02:50 PM, KodaK wrote:
>> When I manually turn off the network interfaces on the master, the replica does not take over.
>
> How do you test it? The client will fail over if it can't access the server that you turned off.

Sorry, I thought I did reply to the list.

I must be misunderstanding something. When I ipa-replica-install it does not automatically set up a DNS replica, correct?

When I run

  ipa dnsrecord-add domain.com @ --ns-rec slpidml02.unix.magellanhealth.com.

I'm only telling IPA that this new host is now a nameserver, correct? So at what point do DNS entries replicate? Or do I set that up outside of IPA?

Thanks again,

--Jason
Re: [Freeipa-users] Setting up replication, documentation unclear regarding DNS entries
On 04/09/2012 03:04 PM, KodaK wrote:
> I opened a ticket at access.redhat.com, if there's another place you'd rather I open it I can do that too, sorry.
>
> --Jason

You are on the open source project mailing list so the tickets should go into the trac instance: https://fedorahosted.org/freeipa/

You need to have a Fedora user account to log the ticket.

--
Thank you,
Dmitri Pal
Re: [Freeipa-users] Setting up replication, documentation unclear regarding DNS entries
On Mon, Apr 9, 2012 at 2:04 PM, KodaK sako...@gmail.com wrote:
> I opened a ticket at access.redhat.com, if there's another place you'd rather I open it I can do that too, sorry.

I've opened a bugzilla ticket (two, actually.)

--Jason
Re: [Freeipa-users] Setting up replication, documentation unclear regarding DNS entries
On 04/09/2012 03:02 PM, KodaK wrote:
> I must be misunderstanding something. When I ipa-replica-install it does not automatically set up a DNS replica, correct?
>
> When I run
>
>   ipa dnsrecord-add domain.com @ --ns-rec slpidml02.unix.magellanhealth.com.
>
> I'm only telling IPA that this new host is now a nameserver, correct? So at what point do DNS entries replicate? Or do I set that up outside of IPA?

Rob,

When we add replicas, do we create SRV records for them automatically? I thought so but maybe I am wrong? Can you please chime in?

--
Thank you,
Dmitri Pal
Re: [Freeipa-users] Setting up replication, documentation unclear regarding DNS entries
On 04/09/2012 03:39 PM, KodaK wrote:
> I've opened a bugzilla ticket (two, actually.)

Ok, this is fine.

--
Thank you,
Dmitri Pal
Re: [Freeipa-users] Setting up replication, documentation unclear regarding DNS entries
Dmitri Pal wrote:
> Rob,
>
> When we add replicas, do we create SRV records for them automatically? I thought so but maybe I am wrong? Can you please chime in?

Yes, we always try to create the SRV records when installing a replica.

rob
Re: [Freeipa-users] Setting up replication, documentation unclear regarding DNS entries
On Mon, Apr 9, 2012 at 3:01 PM, Rob Crittenden rcrit...@redhat.com wrote:

Yes, we always try to create the SRV records when installing a replica.

Ok, thanks, guys. I must have something misconfigured, then. I'll dig a bit and probably post again later. At least I know what it *should* be doing now.

--Jason
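An added example, not part of any message in this thread and not FreeIPA code: a small audit that reads zone-file text and reports, per server, which of the eight SRV records from the quoted documentation do not point at it. The zone example.com, the hosts ipaserver and ipareplica, and the function names are assumptions made for the illustration.

```python
import re

# Service label -> port, as listed in the documentation excerpt quoted in the thread.
REQUIRED_SRV = {
    "_ldap._tcp": 389, "_kerberos._tcp": 88, "_kerberos._udp": 88,
    "_kerberos-master._tcp": 88, "_kerberos-master._udp": 88,
    "_kpasswd._tcp": 464, "_kpasswd._udp": 464, "_ntp._udp": 123,
}
# Optional TTL and class (either order), then "SRV priority weight port target".
SRV_RDATA = re.compile(
    r"(?:\d+\s+)?(?:IN\s+)?(?:\d+\s+)?SRV\s+\d+\s+\d+\s+(?P<port>\d+)\s+(?P<target>\S+)",
    re.IGNORECASE)

def normalize(name, origin):
    """Lower-case a name; turn an absolute name inside the origin into a relative one."""
    name = name.lower()
    if name.endswith("."):
        name = name[:-1]
        suffix = "." + origin.lower().rstrip(".")
        if name.endswith(suffix):
            name = name[:-len(suffix)]
    return name

def parse_srv(zone_text, origin):
    """Return {(owner, port, target)} for every SRV line; indented lines reuse the last owner."""
    records, owner = set(), None
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()          # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                     # an owner name starts in column 0
            owner, line = (line.split(None, 1) + [""])[:2]
        m = SRV_RDATA.match(line.strip())
        if m and owner:
            records.add((normalize(owner, origin), int(m["port"]), normalize(m["target"], origin)))
    return records

def missing_srv(zone_text, origin, hosts):
    """Map each host to the documented SRV labels that have no record pointing at it."""
    have = parse_srv(zone_text, origin)
    return {h: [label for label, port in REQUIRED_SRV.items()
                if (label, port, normalize(h, origin)) not in have] for h in hosts}

# Constructed sample zone (hypothetical hosts): ipaserver has all eight records, ipareplica two.
SAMPLE_ZONE = "".join(f"{l} IN SRV 0 100 {p} ipaserver\n" for l, p in REQUIRED_SRV.items()) + """\
_ldap._tcp      IN SRV 0 100 389 ipareplica.example.com.  ; absolute target
_kerberos._tcp  IN SRV 0 100 88 ipaserver
                IN SRV 0 100 88 ipareplica                ; owner inherited from the line above
"""
```

Calling `missing_srv(SAMPLE_ZONE, "example.com", ["ipaserver", "ipareplica"])` returns an empty list for the first server and the six labels still missing for the replica.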