Re: [Freeipa-users] Client configuration to point to Replica server once master service failed

2014-12-31 Thread Prashant Bapat
You could use DNS based failover for this. Configure DNS with a low TTL value like 60 secs. When the primary fails, update the DNS with the secondary. Services like dynect offer this. On 1 January 2015 at 11:05, Sanju A wrote: > Hi All, > > I have configured Master - Master replication and rep

[Freeipa-users] Client configuration to point to Replica server once master service failed

2014-12-31 Thread Sanju A
Hi All, I have configured Master - Master replication and replication (bi direction) is working fine. Can I get the configuration that has to be added/modified in server/client machine so as to point to the replica server once the master failed. Right now it is not working. Regards Sanju Abr

Re: [Freeipa-users] bind-dyndb-ldap and ddns updates from dhcp

2014-12-31 Thread Jan Pazdziora
On Wed, Dec 31, 2014 at 10:34:37PM +0100, Jan Pazdziora wrote: > > > endpoints, or their users, should not be trusted to > > make updates to DNS zones. TSIG signed updates from servers are still > > preferred over authenticated updates from endpoints or users. > > Server has identity just like s

Re: [Freeipa-users] bind-dyndb-ldap and ddns updates from dhcp

2014-12-31 Thread Jan Pazdziora
On Wed, Dec 31, 2014 at 01:59:32PM -0500, Brendan Kearney wrote: > > i have played with nsupdate, and it does look like updates will be > allowed if i remove the access restriction, but i am losing the > authenticity of the update, since the TSIG shared secret signs the > update. The goal is not

Re: [Freeipa-users] bind-dyndb-ldap and ddns updates from dhcp

2014-12-31 Thread Loris Santamaria
On Wed, 31-12-2014 at 13:59 -0500, Brendan Kearney wrote: > regardless of authentication, client updates to DNS zones are still a > risk and a rogue app or user can still perform direct updates to zones, > leading to impersonation/interception of services, denial of service > attacks and mor

Re: [Freeipa-users] bind-dyndb-ldap and ddns updates from dhcp

2014-12-31 Thread Brendan Kearney
On Wed, 2014-12-31 at 19:06 +0100, Jan Pazdziora wrote: > On Mon, Dec 29, 2014 at 07:12:26PM -0500, Brendan Kearney wrote: > > On Mon, 2014-12-29 at 16:53 -0500, Dmitri Pal wrote: > > > bind-dyndb-ldap is a back end driver for BIND to get data from an LDAP > > > storage. > > > The updates are done

Re: [Freeipa-users] bind-dyndb-ldap and ddns updates from dhcp

2014-12-31 Thread Jan Pazdziora
On Mon, Dec 29, 2014 at 07:12:26PM -0500, Brendan Kearney wrote: > On Mon, 2014-12-29 at 16:53 -0500, Dmitri Pal wrote: > > bind-dyndb-ldap is a back end driver for BIND to get data from an LDAP > > storage. > > The updates are done by BIND. The IPA BIND accepts Kerberos based updates. > > > > htt