On 08.03.2017 14:05, Wimmer Ronald (BCC.B.SO) wrote: > > Hi, > > > > I am using FreeIPA with external DNS. Is it ok to balance the requests > between master and replica with DNS SRV records like this: > > > > _kerberos-master._tcp.example.net. 86400 IN SRV 10 50 88 ipa1.example.net. > > _kerberos-master._udp.example.net. 86400 IN SRV 10 50 88 ipa1.example.net. > > _kerberos._tcp.example.net. 86400 IN SRV 10 50 88 ipa1.example.net. > > _kerberos._udp.example.net. 86400 IN SRV 10 50 88 ipa1.example.net. > > _kpasswd._tcp.example.net. 86400 IN SRV 10 50 464 ipa1.example.net. > > _kpasswd._udp.example.net. 86400 IN SRV 10 50 464 ipa1.example.net. > > _ldap._tcp.example.net. 86400 IN SRV 10 50 389 ipa1.example.net. > > _ntp._udp.example.net. 86400 IN SRV 10 50 123 ipa1.example.net. > > > > _kerberos-master._tcp.example.net. 86400 IN SRV 10 50 88 ipa2.example.net. > > _kerberos-master._udp.example.net. 86400 IN SRV 10 50 88 ipa2.example.net. > > _kerberos._tcp.example.net. 86400 IN SRV 10 50 88 ipa2.example.net. > > _kerberos._udp.example.net. 86400 IN SRV 10 50 88 ipa2.example.net. > > _kpasswd._tcp.example.net. 86400 IN SRV 10 50 464 ipa2.example.net. > > _kpasswd._udp.example.net. 86400 IN SRV 10 50 464 ipa2.example.net. > > _ldap._tcp.example.net. 86400 IN SRV 10 50 389 ipa2.example.net. > > _ntp._udp.example.net. 86400 IN SRV 10 50 123 ipa2.example.net. > > > > _kerberos.example.net. 86400 IN TXT "example.net" > Looks good to me
> ipa-ca.example.net. 86400 IN A 10.66.39.130 > > > > What about the “ipa-ca” entry? > ipa-ca should contain all A/AAAA records of CA replicas IPA4.4+ support command `ipa dns-update-system-records --dry-run` to get all required records > > > > Regards, > > Ronald > > > Martin
signature.asc
Description: OpenPGP digital signature
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
