[Freeipa-users] BIND named.conf

Michael Mercier mmercier at gmail.com
Sat Jul 14 01:20:31 UTC 2012 

I will try to be more clear...

My IPA zone is named intranet.local running on ipaserver1 and  
ipaserver2.
I have another zone (call it "myzone.tld") hosted on some other  
systems.  I would like ipaserver1 and ipaserver2 to both be a slave  
for this zone (not use a forwarder for the zone).

Considering that ipaserver1 and ipaserver2 use the dynamic-db entry in  
named.conf, is there anything that I should be concerned about if I  
were to add:

zone "myzone.tld" {
      type slave;
      file "slave/myzone.db"
      masters { u.x.y.z;  w.x.y.z; };
      allow-notify { u.x.y.z;  w.x.y.z; };
      also-notify { ipaserver2 };
};

to ipaserver1?

I had considered adding the zone via 'ipa dnszone-add  
ipaserver1.intranet.local' but I did not find anything specific in the  
documentation describing how to configure the new zone as a slave of  
another system.  Also, the number of entries in the zone is large and  
there are a many updates per day and I was uncertain of the type of  
performance I could expect.

Thanks,
Mike
On 13-Jul-12, at 7:10 PM, Dmitri Pal wrote:

> On 07/13/2012 07:04 PM, Michael Mercier wrote:
>> Hello,
>>
>> I am by no means an expert either, but I believe what you are
>> recommending would forward requests for "myzone.tld" to the
>> ip.of.forwarder1 etc.
>> I want ipaserver1 to actually be a slave (do AXFR / IXFR -- hold all
>> the data) of "myzone.tld", and have ipaserver2 slave this data from
>> ipaserver1.
>>
>
> The replicas in IPA do not need to be specially configured to be  
> slaves
> of each other. They have the same data which is replicated by LDAP  
> back
> end so it is not clear why you are trying to configure the replicas to
> be in master-slave relation.
>
>
>> Thanks,
>> Mike
>>
>> On 13-Jul-12, at 5:11 PM, KodaK wrote:
>>
>>> On Fri, Jul 13, 2012 at 3:13 PM, Michael Mercier  
>>> <mmercier at gmail.com>
>>> wrote:
>>>> Hello,
>>>>
>>>> When using IPA 2.2.0 with DNS setup (--setup-dns), is there any
>>>> issues with adding slaves to the named.conf file?
>>>>
>>>> example on ipaserver1:
>>>>
>>>> zone "myzone.tld" {
>>>>       type slave;
>>>>       file "slave/myzone.db"
>>>>       masters { u.x.y.z;  w.x.y.z; };
>>>>       allow-notify { u.x.y.z;  w.x.y.z; };
>>>>       also-notify { ipaserver2 };
>>>> };
>>>
>>>
>>> I'm no expert, but I think you'd want to use the command line option
>>> dnsconfig-mod:
>>>
>>> ipa dnsconfig-mod --forwarder=ip.of.forwarder1;ip.of.forwarder2
>>> myzone.tld
>>>
>>>
>>> -- 
>>> The government is going to read our mail anyway, might as well  
>>> make it
>>> tough for them.  GPG Public key ID:  B6A1A7C6
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
> -- 
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager for IdM portfolio
> Red Hat Inc.
>
>
> -------------------------------
> Looking to carve out IT costs?
> www.redhat.com/carveoutcosts/
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

More information about the Freeipa-users mailing list