[Freeipa-users] Slave DNS on FreeIPA replica
Christopher Young
2015-04-06 19:09:58 UTC
I have - what I believe to be - a couple of basic questions (I apologize in
advance if these are answered elsewhere, though I've tried to do some
searching ahead of time.):

I recently added an IPA replica to an existing IPA server and noticed that
everything appeared to succeed in the setup. One observation is that DNS
(bind) was not set up on this new host. I was wondering if this is normal
behavior, and if so, is there a set of instructions needed to add/create
additional DNS servers for use with FreeIPA?

Ideally, I would like to have DNS running on all IPA hosts. Additionally,
I plan on adding a pair of caching/slave DNS servers running standing BIND
on remote networks and was wondering what the procedure would be to slave
those zones onto those. Would that be the same as allowing the transfer
from those IPs and treating them just like any other BIND slave for the
appropriate zones?

I appreciate the clarifications and all the effort that goes into this!

Chris
Rob Crittenden
2015-04-06 19:15:48 UTC
DNS and a CA are optional components in a replica. You can add them
using ipa-dns-install and ipa-ca-install respectively.

To install bind during the replica install process add the option
--setup-dns.

rob
Christopher Young
2015-04-06 23:02:07 UTC
I clearly missed that. Thanks for the clarification. As far as adding
additional DNS servers merely to slave the zones, is that more or less the
same as configuring any other bind slave?
Baird, Josh
2015-04-06 23:26:31 UTC
Yes, but you need to allow zone transfers to your non-IPA servers:

$ ipa dnszone-mod --allow-transfer="1.2.3.4" domain.com

(where 1.2.3.4 is the IP of your new slave and domain.com is the zone name you want to transfer)

Josh
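
A check for the transfer ACL discussed above, added here as an example and not part of the original thread: it lists every allow-transfer entry that is not an approved slave address and prints the zone stanza for the standalone BIND slave. It assumes the "Zone name:" and "Allow transfer:" labels printed by `ipa dnszone-find --all`; the sample output, the master address 192.0.2.10 and the `slaves/` file path are constructed.

```shell
#!/bin/sh
# Constructed sample in the layout printed by `ipa dnszone-find --all`
# (assumed labels: "Zone name:" and "Allow transfer:").
sample_zones() {
cat <<'EOF'
  Zone name: domain.com.
  Allow query: any;
  Allow transfer: 1.2.3.4;
  Zone name: lab.domain.com.
  Allow query: any;
  Allow transfer: any;
  Zone name: 3.2.1.in-addr.arpa.
  Allow query: any;
  Allow transfer: none;
EOF
}

# audit_transfer_acl "ip1 ip2 ..." < dnszone output
# Prints "zone entry" for each allow-transfer entry that is not an
# approved slave address; "none" is always accepted, "any" never is.
audit_transfer_acl() {
  awk -v approved="$1" '
    BEGIN { n = split(approved, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    /^[ \t]*Zone name:/ { zone = $NF }
    /^[ \t]*Allow transfer:/ {
      sub(/^[ \t]*Allow transfer:[ \t]*/, "")
      m = split($0, e, ";")
      for (i = 1; i <= m; i++) {
        gsub(/[ \t]/, "", e[i])
        if (e[i] != "" && e[i] != "none" && !(e[i] in ok))
          print zone, e[i]
      }
    }'
}

# slave_zone_stanza ZONE MASTER_IP: named.conf block for the non-IPA slave.
slave_zone_stanza() {
  printf 'zone "%s" {\n    type slave;\n    masters { %s; };\n    file "slaves/%s.db";\n};\n' \
    "$1" "$2" "$1"
}

sample_zones | audit_transfer_acl "1.2.3.4"
slave_zone_stanza domain.com 192.0.2.10
```

On a live server, pipe the real `ipa dnszone-find --all` output into `audit_transfer_acl` with the list of slave addresses you have actually approved.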

