Re: [Freeipa-users] SOA Serial changes overnight and is inconsisstent with replica

2015-09-08 Thread Petr Spacek 
On 8.9.2015 14:06, David Dejaeghere wrote:
> @Petr. I understood bind restart caused an increment. But I was unaware
> that this value was not replicated.  If I add a record to a zone the SOA
> serials do get in sync again. But I understand the multimaster setup and
> now I understand where this nightly increment is comming from. It is indeed
> logrotate.

For the record, bind-dyndb-ldap tries to set the SOA serial to unix timestamp
if old SOA serial < current timestamp. If old SOA serial <= current timestamp
then it is incremented by one.

This + different logrorate configuration might explain the difference.


The consequence is that your DNS slaves should be configured to use the same
master all the time and fail over only if the original master is not available.

Petr^2 Spacek

> Kind Regards,
> 
> David
> 
> 2015-09-08 13:16 GMT+02:00 Petr Spacek :
> 
>> On 8.9.2015 13:06, Martin Basti wrote:
>>>
>>>
>>> On 09/07/2015 03:00 PM, David Dejaeghere wrote:
 Hello,

 I noticed on the couple of installs that I am running that my zones have
 different soa serial values on both master and replica.  I also noticed
>> that
 this value is changing without adding or removing a record some time
>> during
 the night.

 What exactly is changing this and how come these values become
>> inconsistant?
 For example:
 Serial on master: 1441509183
 Serial on replica: 1441597213

 Is this expected?

 Kind Regards,

 David



>>> Hello,
>>>
>>> does the replication between master and replica works?
>>
>> SOA is specific for replica (as IPA provides multi-master DNS) and is not
>> replicated. SOA serial in each zone is incremented upon BIND restart so
>> e.g.
>> logrotate during night might cause SOA to increment.
>>
>> --
>> Petr^2 Spacek

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] SOA Serial changes overnight and is inconsisstent with replica

2015-09-08 Thread Martin Basti 



On 09/07/2015 03:00 PM, David Dejaeghere wrote:

Hello,

I noticed on the couple of installs that I am running that my zones 
have different soa serial values on both master and replica.  I also 
noticed that this value is changing without adding or removing a 
record some time during the night.


What exactly is changing this and how come these values become 
inconsistant?

For example:
Serial on master: 1441509183
Serial on replica: 1441597213

Is this expected?

Kind Regards,

David




Hello,

does the replication between master and replica works?
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] SOA Serial changes overnight and is inconsisstent with replica

2015-09-08 Thread Petr Spacek 
On 8.9.2015 13:06, Martin Basti wrote:
> 
> 
> On 09/07/2015 03:00 PM, David Dejaeghere wrote:
>> Hello,
>>
>> I noticed on the couple of installs that I am running that my zones have
>> different soa serial values on both master and replica.  I also noticed that
>> this value is changing without adding or removing a record some time during
>> the night.
>>
>> What exactly is changing this and how come these values become inconsistant?
>> For example:
>> Serial on master: 1441509183
>> Serial on replica: 1441597213
>>
>> Is this expected?
>>
>> Kind Regards,
>>
>> David
>>
>>
>>
> Hello,
> 
> does the replication between master and replica works?

SOA is specific for replica (as IPA provides multi-master DNS) and is not
replicated. SOA serial in each zone is incremented upon BIND restart so e.g.
logrotate during night might cause SOA to increment.

-- 
Petr^2 Spacek

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project