Yes, this is expected. From the IPA documentation [1]:

"The IdM-integrated DNS is multi-master. SOA serial numbers in IdM zones are not synchronized between IdM servers. For this reason, configure DNS slave servers to only use one IdM master server. This prevents zone transfer failures caused by non-synchronized SOA serial numbers."

[1] https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/managing-master-dns-zones.html#zone-transfers

Thanks,
Josh

From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Jake
Sent: Friday, January 6, 2017 2:25 PM
To: freeipa-users <freeipa-users@redhat.com>
Subject: [Freeipa-users] Should IPA Replica DNS SOA Serials match?

Hey All,

I currently have 4 ipa 4.2 masters and none of the SOA Serials match, is this expected behavior of bind-ldap?

ipa01 - 1483710336
ipa02 - 1483709696
ipa03 - 1483730432
ipa04 - 1483714048

Thanks!
-Jake
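
Why the quoted documentation recommends a single master, as an added example that is not part of the original thread: a secondary transfers a zone only when the polled server's SOA serial is newer than the one it holds (RFC 1982 comparison), so a secondary polling across the four serials listed above skips some servers. The `simulate` helper and its polling order are assumptions made for illustration.

```python
# Added illustration, not from the thread. Serials are the four values Jake listed.
SERIALS = {
    "ipa01": 1483710336,
    "ipa02": 1483709696,
    "ipa03": 1483730432,
    "ipa04": 1483714048,
}


def serial_gt(a, b):
    """RFC 1982 comparison of 32-bit SOA serials: True if a is newer than b."""
    diff = (a - b) & 0xFFFFFFFF
    return 0 < diff < 0x80000000


def simulate(poll_order, serials=SERIALS):
    """Model a secondary polling the given servers in turn (hypothetical helper).

    Returns (server, action, serial_held_afterwards) per poll. The secondary
    transfers only when the polled serial is newer than the one it holds.
    """
    held = None  # no copy of the zone yet
    log = []
    for name in poll_order:
        offered = serials[name]
        if held is None or serial_gt(offered, held):
            held, action = offered, "transfer"
        else:
            action = "skip"
        log.append((name, action, held))
    return log


if __name__ == "__main__":
    for name, action, held in simulate(["ipa01", "ipa02", "ipa03", "ipa04"]):
        print(f"{name}: {action:8} secondary now at {held}")
```

Once the secondary holds ipa03's serial, a change served by ipa01, ipa02 or ipa04 is not transferred until that server's own serial passes 1483730432; a secondary pinned to one server only ever compares against that server's increasing serial.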