Is there a way of exporting the DNS information out of Freeipa? Then I could just do a diff on the export from master and replica.
> On Sep 24, 2015, at 11:13 AM, Martin Basti <mba...@redhat.com> wrote: > > > > On 09/24/2015 05:02 PM, Rich Megginson wrote: >> On 09/24/2015 08:53 AM, Martin Basti wrote: >>> >>> >>> On 09/24/2015 04:43 PM, Rich Megginson wrote: >>>> On 09/24/2015 08:32 AM, Aric Wilisch wrote: >>>>> I need a way to validate that both the primary and the redundant FreeIPA >>>>> server’s DNS zones are in sync. What’s the simplest way for me to do this? >>>> >>>> Do a DNS query to confirm that the SOA record for the primary is identical >>>> to the SOA for the secondary. >>> >>> SOA serials are not replicated. >> >> So with IPA you can have a master DNS and a replica DNS that have different >> SOA? > Just SOA serial, other records are replicated. > >> >> Then the records are replicated using the standard IPA dirsrv replication >> protocol? >> >> In that case, doesn't ipa-replica-manage have a way to ask if the replicas >> are in sync? > I don't think that ipa-replica-manage is capable to detect if replicas are in > sync. > AFAIK this feature is planned for future IPA versions. > Inspecting DS error log may help to find replication issues if any. > > Martin > >> >>> >>> You can get all records via AXFR, and compare them per zone. >>> >>> Maybe you can use python-dns to do comparation >>> >>> http://www.dnspython.org/examples.html >> >> That seems pretty heavyweight if there are a lot records. >> >>> >>> HTH >>> Martin >>>> >>>>> >>>>> My boss won’t let me continue with an upgrade until he’s sure the primary >>>>> and redundant servers have the same DNS records and are in sync. I’ve >>>>> tried finding documentation on this but keep coming up blank. >>>>> >>>>> Thanks in advance. >>>>> >>>> >>> >> > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
