Thanks for the pointers / explanations everyone. 

It would be nice if adding a replica didn't reset the SOA/NS, but the main reason I say that isn't due to the actual work of fixing it, but that once we're set up with replicas in all our offices we'll add new ones so infrequently I guarantee this will get forgotten / overlooked and cause confusion, even though I will put it into the internal KB :D 

Would be nice if there was a per-zone setting to prevent this reset - perhaps even some option to specify public/private IPs for each replica and a simple public/private switch on the zone, so that it would default to using the correct IPs (and any without public IPs on a public zone would just not appear in NS/SOA records), but I understand this is outside the scope that FreeIPA is interested in supporting.

If I manually add extra NS records, will they get nuked when adding a replica, or just not be listed in SOA anymore? If nobody is sure I'll try to test this... 

On Thu, Nov 8, 2018 at 10:14 PM, Peter Fern via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:
> On 9/11/18 3:07 pm, John Petrini via FreeIPA-users wrote:
>> The mname override now lives in ldap and is configured using the
>> dnsserver-mod command. fake_mname is no longer included in named.conf.
>> I think that feature was added to address this issue:
>> https://pagure.io/bind-dyndb-ldap/issue/162
>>
>> We use TSIG for dynamic updates without any issues, not sure if
>> something has changed there but it works for us.
>
> Good to know - things may indeed have changed, last time I messed with this was on v4.3.x.
