We use nsupdate to move the location of some of our services around. For instance, there might be two servers that exchange roles, like serv.east.abc.com and serv.west.abc.com, and we will have a service name like wiki.abc.com. The owner of the application has been given an nsupdate key that allows them to update and delete on the wiki.abc.com and have that record contain either an "A" record for one or the other of the two servers.
I am very concerned that there might come a time when the SOA primary master server for this dynamic domain might be down when the application owner needs to do their nsupdate. One observation that we see is that Windows AD and DNS make every AD DNS server an SOA for any domain that it serves, that any dynamic DNS update can be serviced by any domain controller, and that this update is replicated with LDAP to the other DCs.

It was our hope that we could use IPA for our DNS servers for this dynamic domain, that we would have multiple forward statements from our main DNS servers to the IPA DNS servers, and that any IPA server would be the SOA. This way the nsupdate would be processed by any available IPA server in the event that one or more of these IPA DNS servers would be down or unreachable.

Is there a way to make each IPA system an SOA for the same domain and still have the DNS records replicate between them?

Thanks,
Bob Harvey
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users