[Freeipa-users] Setting up replication, documentation unclear regarding DNS entries

Rob Crittenden rcritten at redhat.com
Mon Apr 9 20:01:26 UTC 2012 

Dmitri Pal wrote:
> On 04/09/2012 03:02 PM, KodaK wrote:
>> On Mon, Apr 9, 2012 at 1:53 PM, Dmitri Pal<dpal at redhat.com>  wrote:
>>> On 04/09/2012 02:50 PM, KodaK wrote:
>>>> On Mon, Apr 9, 2012 at 1:46 PM, Dmitri Pal<dpal at redhat.com>  wrote:
>>>>> On 04/09/2012 02:41 PM, KodaK wrote:
>>>>>> On Mon, Apr 9, 2012 at 1:34 PM, Dmitri Pal<dpal at redhat.com>  wrote:
>>>>>>> On 04/09/2012 02:07 PM, KodaK wrote:
>>>>>>>> I have two IPA servers.  The primary/master is SLPIDML01 and the
>>>>>>>> replica is SLPIDML01.  I have followed the instructions for creating a
>>>>>>>> replica and the install on SLPIDML02 completed successfully.  However,
>>>>>>>> the instructions tell me to add some entries to the DNS zone file, and
>>>>>>>> I'm stumped.
>>>>>>>>
>>>>>>>> The FreeIPA documentation has this to say about setting up DNS for replicas:
>>>>>>>>
>>>>>>>> Updating DNS for IPA Replicas
>>>>>>>>
>>>>>>>> After you have configured a new IPA replica, you should update your
>>>>>>>> DNS entries so that IPA clients can discover the new server. For
>>>>>>>> example, for an IPA replica with a server name of $HOST, you should
>>>>>>>> add the following entries to your zone file:
>>>>>>>>
>>>>>>>> _ldap._tcp             IN SRV 0 100 389       $HOST
>>>>>>>> _kerberos._tcp         IN SRV 0 100 88 $HOST
>>>>>>>> _kerberos._udp         IN SRV 0 100 88 $HOST
>>>>>>>> _kerberos-master._tcp  IN SRV 0 100 88 $HOST
>>>>>>>> _kerberos-master._udp  IN SRV 0 100 88 $HOST
>>>>>>>> _kpasswd._tcp          IN SRV 0 100 464 $HOST
>>>>>>>> _kpasswd._udp          IN SRV 0 100 464 $HOST
>>>>>>>> _ntp._udp              IN SRV 0 100 123 $HOST
>>>>>>>>
>>>>>>>> I know very little about configuring DNS.  Where exactly should this
>>>>>>>> go?  It says to add it to your zone file, all I see is a
>>>>>>>> named.rfc1912.zones file, and it appears to be rather structured.  Do
>>>>>>>> I just dump these at the end?  That doesn't seem to make any sense.  I
>>>>>>>> see a reference to /var/named/example.com.zone.db, but I don't have
>>>>>>>> one for my domain, and I still don't know what the format of the file
>>>>>>>> should be.  Do I need to make entries for both hosts (and any others I
>>>>>>>> add in the future?)
>>>>>>>>
>>>>>>> What DNS server do you use?
>>>>>>> Did you consider using DNS server that comes with IPA?
>>>>>>>
>>>>>> I am using the DNS server that comes with IPA.
>>>>> Then the replicas are added automatically to the DNS servers managed by
>>>>> IPA. I think the documentation refers to the case when you are not using
>>>>> the DNS server provided by IPA. Then you need to add mentioned entries.
>>>>> If this is not clear please open a ticket and provide a pointer to the
>>>>> section that caused the confusion.
>>>> I've opened a ticket, thanks.
>>>>
>>>> When I manually turn off the network interfaces on the master, the
>>>> replica does not take over.
>>> How you test it?
>>> The client will fail over if it can't access the server that you turned
>>> off.
>>>
>>>
>>>> For the record, the documentation makes no discernible differentiation
>>>> between IPA's DNS and external DNS:
>>>>
>>>> "Once the installation process completes, update the DNS entries so
>>>> that IPA clients can discover the new server. For example, for an IPA
>>>> replica with a hostname of ipareplica.example.com:"
>> Sorry, I thought I did reply to the list.
>>
>> I must be misunderstanding something.
>>
>> When I ipa-replica-install it does not automatically set up a DNS
>> replica, correct?
>>
>> When I run ipa dnsrecord-add domain.com @ --ns-rec
>> slpidml02.unix.magellanhealth.com. I'm only telling IPA that this new
>> host is now a nameserver, correct?
>>
>> So at what point do DNS entries replicate?  Or do I set that up outside of IPA?
>>
>> Thanks again,
>>
>> --Jason
>
> Rob,
>
> When we add replicas, do we create SRV records for them automatically? I
> thought so but may be I am wrong? Can you please chime in?
>

Yes, we always try to create the SRV records when installing a replica.

rob

More information about the Freeipa-users mailing list