On 4.11.2014 16:57, Matthew Sellers wrote:
> Hi Guys,
>
> Thanks for the previous replies. I hate to dig up an old thread, but I'm
> still banging my head on this. I am trying to configure IPA to send notify
> to slave servers on manual updates from the web or CLI tools.
>
> Dynamic DNS updates from an IPA client issuing an nsupdate works great, I
> get an immediate zone transfer to zone NS slaves (bind 9.x slaves).
>
> Performing an update via IPA CLI (for non-dynamic static record) tools
> triggers nothing. The test documents and Petr's previous statements hold
> true for the nsupdate case, is this also true for CLI driven updates as
> well?
>
> I have tested this on 3.3.5 (Fedora 20) and 4.1 (COPR) release.

Congratulations! You have found a regression in bind-dyndb-ldap:
https://fedorahosted.org/bind-dyndb-ldap/ticket/144

I have sent a patch to the devel list and it is waiting for review at the
moment. It should be fixed in the nearest release of bind-dyndb-ldap.

Thank you very much for catching this!

Petr^2 Spacek

> On Wed, Sep 3, 2014 at 2:25 AM, Petr Spacek <pspa...@redhat.com> wrote:
>
>> On 1.9.2014 12:16, Dmitri Pal wrote:
>>
>>> On 09/01/2014 12:05 PM, Martin Kosek wrote:
>>>
>>>> On 09/01/2014 07:50 AM, Dmitri Pal wrote:
>>>>
>>>>> On 08/29/2014 09:32 PM, Matthew Sellers wrote:
>>>>>
>>>>>> Hi Everyone!
>>>>>>
>>>>>> I am using FreeIPA 3.3.5 on Fedora 20 and attempting to configure
>>>>>> FreeIPA to send notifies to non-IPA slaves, but it seems broken on
>>>>>> IPA (notify packets are never sent to slaves).
>>>>>>
>>>>>> I have also configured also-notify { nameserverip; }; in named.conf
>>>>>> on my FreeIPA test host in the options section and watched for
>>>>>> notify traffic with tcpdump.
>>>>>>
>>>>>> This document suggests that this is supported, and this is something
>>>>>> I have used in non-IPA bind servers with no issues.
>>>>>>
>>>>>> https://fedoraproject.org/wiki/QA:Testcase_freeipav3_dns_zone_transfer
>>>>>>
>>>>>> I wanted to ask the list before I file a bug with more details. Is
>>>>>> anyone using this bind feature on IPA with any success?
>>>>>>
>>>>>> Thanks!
>>>>>> Matt
>>>>>>
>>>>> The DNS level change propagation is not supported between IPA
>>>>> replicas; instead it uses LDAP replication to propagate the changes.
>>>>> If you want another non IPA DNS server to be a slave then you can do
>>>>> it. See
>>>>> http://www.freeipa.org/page/V3/DNS_SOA_serial_auto-incrementation
>>>>> for more information.
>>>>>
>>>> I thought that from F20, bind-dyndb-ldap was capable of native DNS
>>>> operations like AXFR/IXFR which can be used to actually deploy slave
>>>> DNS servers. I wonder if also-notify is something different. CCing
>>>> Petr Spacek to advise.
>>>>
>>> AFAIU slave DNS servers not controlled by IPA yes, replicas as slaves -
>>> no.
>>>
>>
>> Let me summarize:
>> - AXFR is supported (at least) by all versions RHEL 6.5 and newer versions
>> - IXFR is supported by bind-dyndb-ldap 4.0 and newer (Fedora 20+)
>> - DNS NOTIFY messages are always sent to servers listed in NS records
>>
>> I.e. you have to add your non-IPA slave servers to NS records in
>> particular zone and then it should 'just work', no other configuration
>> (like 'also-notify') is necessary.
>>
>> Please let me know if it doesn't work for you.
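
The thread's test is whether a NOTIFY leaves the master after an update, checked by watching traffic with tcpdump. The following is an added example, not part of the original thread or of bind-dyndb-ldap: it decodes raw DNS UDP payloads taken from such a capture and lists the zones for which a NOTIFY request (opcode 4, RFC 1996) was seen. The function names and the `example.test` sample messages are constructed for illustration.

```python
import struct

OPCODE_NOTIFY = 4  # RFC 1996
TYPE_SOA = 6

def build_message(zone, opcode, response=False, msg_id=0x2A2A):
    """Build a one-question DNS message; used only to construct sample input."""
    flags = (0x8000 if response else 0) | (opcode << 11) | 0x0400  # QR, opcode, AA
    labels = [l for l in zone.rstrip(".").split(".") if l]
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!6H", msg_id, flags, 1, 0, 0, 0) + qname + struct.pack("!2H", TYPE_SOA, 1)

def parse_question(payload):
    """Return (opcode, is_response, qname, qtype) from a DNS UDP payload."""
    if len(payload) < 12:
        raise ValueError("shorter than a DNS header")
    _msg_id, flags, qdcount = struct.unpack("!3H", payload[:6])
    if qdcount < 1:
        raise ValueError("no question section")
    pos, labels = 12, []
    while True:
        if pos >= len(payload):
            raise ValueError("truncated question name")
        length = payload[pos]
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(payload):
            raise ValueError("bad label (pointer or truncated)")
        labels.append(payload[pos:pos + length].decode("ascii").lower())
        pos += length
    if pos + 4 > len(payload):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!2H", payload[pos:pos + 4])
    return (flags >> 11) & 0xF, bool(flags & 0x8000), ".".join(labels) + ".", qtype

def notified_zones(payloads):
    """Zones for which a NOTIFY request (opcode 4, QTYPE SOA) appears in the capture."""
    zones = []
    for payload in payloads:
        try:
            opcode, is_response, qname, qtype = parse_question(payload)
        except ValueError:
            continue  # not a parseable DNS message; skip it
        if opcode == OPCODE_NOTIFY and not is_response and qtype == TYPE_SOA:
            zones.append(qname)
    return zones

# Constructed sample capture: an ordinary query, a NOTIFY, its response, and junk.
SAMPLE = [build_message("example.test", 0), build_message("Example.Test.", OPCODE_NOTIFY),
          build_message("example.test", OPCODE_NOTIFY, response=True), b"\x00\x01"]
```

An empty result for a zone after a CLI or web UI change, while an nsupdate against the same zone produces an entry, matches the behaviour reported in this thread.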