On Wed, 29 May 2019, Andrey Bondarenko via FreeIPA-users wrote:
> Hello,
>
> Is the SOA generation algorithm for zones documented anywhere, or does
> anyone by chance know what it is?
>
> We have a cluster of 8 nodes and SOA is different on some IPAs in some zones
> (with huge amount of changes). But if I make a change I actually see it on
> a different IPA.
>
> Also, restarting IPA increases SOA by 1.
>
> We wanted to rely on SOA in our DNS consistency check but it seems like it's
> not a working idea, or is it?

If you are not using slave DNS masters on separate servers, then each
IPA master with DNS becomes its own authoritative master and has its own
(so-called 'locally significant') SOA value. This is the default in IPA DNS
deployment.

From bind-dyndb-ldap's README.md:

* idnsSOAserial

       SOA serial number. It is automatically incremented after each change
       in LDAP. External changes done by other LDAP clients are detected via
       RFC 4533 (so-called syncrepl).

       If serial number is lower than current UNIX timestamp, then
       it is set to the timestamp value. If SOA serial is greater or equal
       to current timestamp, then the serial is incremented by one.
       (This is equivalent to BIND option 'serial-update-method unix'.)

       In multi-master LDAP environments it is recommended to make
       idnsSOAserial attribute non-replicated (locally significant).
       It is recommended not to use multiple masters for single slave zone
       if SOA serial is locally significant because serial numbers between
       masters aren't synchronized. It will cause problems with zone
       transfers from multiple masters to single slave.




--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
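
The serial rule quoted from the README above, modeled as an added example (not part of the original message and not bind-dyndb-ldap code) to show why locally significant serials diverge between masters that hold identical zone data. The `Master` class, host names and timestamps are constructed for illustration, and comparing a digest of the records instead of the serial is an assumed alternative check.

```python
import hashlib

def next_serial(current: int, now: int) -> int:
    """README rule: if the serial is below the UNIX timestamp, set it to
    the timestamp; otherwise increment it by one."""
    return now if current < now else current + 1

class Master:
    """Hypothetical model of one DNS master with a non-replicated serial."""
    def __init__(self, name: str, serial: int = 0):
        self.name = name
        self.serial = serial
        self.records = {}

    def apply(self, owner: str, rdata: str, now: int) -> None:
        # Each change seen in LDAP bumps the local serial using local time.
        self.records[owner] = rdata
        self.serial = next_serial(self.serial, now)

    def content_digest(self) -> str:
        # Canonical, order-independent digest of the zone data itself.
        canon = "\n".join(f"{k} {v}" for k, v in sorted(self.records.items()))
        return hashlib.sha256(canon.encode()).hexdigest()

# Constructed sample: (owner, rdata, time seen on master A, time seen on
# master B). B learns of each change a little later via replication.
CHANGES = [
    ("www.example.test.", "A 192.0.2.10", 1559120000, 1559120002),
    ("db.example.test.", "A 192.0.2.20", 1559120000, 1559120002),
    ("mail.example.test.", "A 192.0.2.30", 1559120000, 1559120003),
]

def simulate():
    a, b = Master("ipa-a"), Master("ipa-b")
    for owner, rdata, t_a, t_b in CHANGES:
        a.apply(owner, rdata, t_a)
        b.apply(owner, rdata, t_b)
    return a, b

if __name__ == "__main__":
    a, b = simulate()
    for m in (a, b):
        print(m.name, "serial", m.serial, "digest", m.content_digest()[:16])
    print("serials equal:", a.serial == b.serial)
    print("content equal:", a.content_digest() == b.content_digest())
```

A burst of changes inside one second pushes the serial ahead of the clock, so each master's value depends on when it saw each change, not on what the zone contains.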