Hi,
On Thu, Aug 25, 2022 at 7:41 PM Harry G Coin via FreeIPA-users <freeipa-users(a)lists.fedorahosted.org> wrote:
In a 'standard' freeipa setup with two freeipa masters that provide
authoritative DNS for a zone (in this instance using the named-pkcs11
bind version) and no other DNS slaves:
When an IP address is changed in freeipa DNS for a host:
Question 1: Does the 'notify' feature of bind9/named from one machine
to the other accomplish any actual value (TTL related or otherwise)
given they both rely on bind-dyndb-ldap and as such the dns change is
migrated via ldap? In other words, would any performance suffer if I
just turned off notifies among the freeipa masters?
My understanding is that the notify feature is only useful if you want to
have IPA set up as DNS master, and a non-IPA DNS slave. There is an old
presentation (from FreeIPA 3.0) that can be found here:
https://www.freeipa.org/images/b/b6/Freeipa30_DNS_zone_transfers.pdf and
explains a bit about zone transfer.
Question 2: What is the sequence of operations when an IP address is
changed in freeipa? I expect it would be the first ldap db gets
updated, then the replicas ldap dbs get updated, then after all ldaps
are updated each of them tells 'their respective' bind instances to
update. Yes? No?
The data is propagated to the other IPA DNS servers using the LDAP
replication mechanism.
On each IPA DNS server, the bind server is set up with a special plugin,
bind-dyndb-ldap (https://docs.pagure.org/bind-dyndb-ldap/), that uses the
syncRepl mechanism to be notified when there are changes in LDAP that are
related to the DNS records
(https://docs.pagure.org/bind-dyndb-ldap/BIND9/Design/LdapSynchronizationO...).
In short, the sequence is
1/ write to LDAP on server A
2/ LDAP replication propagates to server B
3/ on server B, syncRepl detects a change and bind processes the update
HTH,
flo
Thanks!
Harry Coin
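
One way to confirm the three-step sequence above on a live deployment, as an added example that is not part of the original messages or of FreeIPA: ask each master's own BIND directly, without recursion, and wait until all of them serve the new address. The host names and addresses in the usage line are constructed placeholders.

```shell
#!/bin/sh
# Added example: verify that an A-record change made on one IPA master
# (LDAP write -> LDAP replication -> syncRepl -> bind) is served by all masters.

# Print the sorted, comma-joined A answers that SERVER itself gives for NAME.
# +norecurse makes sure the answer comes from that server's own zone data.
query_a() {  # query_a SERVER NAME
    dig +short +norecurse +time=2 +tries=1 "@$1" "$2" A 2>/dev/null \
        | sort | paste -s -d, -
}

# Poll every server until each one answers EXPECTED or TIMEOUT seconds pass.
# Prints "server answer state" per server; returns 0 only if all are in sync.
check_propagation() {  # check_propagation NAME EXPECTED TIMEOUT SERVER...
    name=$1; expected=$2; timeout=$3; shift 3
    deadline=$(( $(date +%s) + timeout ))
    while :; do
        stale=0; report=""
        for server in "$@"; do
            answer=$(query_a "$server" "$name")
            if [ "$answer" = "$expected" ]; then
                state=in-sync
            else
                state=STALE; stale=1   # replica not yet updated, or no answer
            fi
            report="${report}${server} ${answer:-no-answer} ${state}
"
        done
        if [ "$stale" -eq 0 ] || [ "$(date +%s)" -ge "$deadline" ]; then
            printf '%s' "$report"
            return "$stale"
        fi
        sleep 1
    done
}

# Usage (constructed names):
#   ./check.sh host.example.test 192.0.2.10 30 ipa1.example.test ipa2.example.test
if [ "$#" -ge 4 ]; then
    check_propagation "$@"
fi
```

A master that stays STALE past the timeout points at LDAP replication or at bind-dyndb-ldap on that host rather than at anything NOTIFY would fix.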