Hi,

On Thu, Aug 25, 2022 at 7:41 PM Harry G Coin via FreeIPA-users <[email protected]> wrote:

> In a 'standard' freeipa setup with two freeipa masters that provide
> authoritative DNS for a zone (in this instance using the named-pkcs11
> bind version) and no other DNS slaves:
>
> When an IP address is changed in freeipa DNS for a host:
>
> Question 1: Does the 'notify' feature of bind9/named from one machine
> to the other accomplish any actual value (TTL related or otherwise)
> given they both rely on bind-dyndb-ldap and as such the dns change is
> migrated via ldap? In other words, would any performance suffer if I
> just turned off notifies among the freeipa masters?
>

My understanding is that the notify feature is only useful if you want to have IPA set up as DNS master, and a non-IPA DNS slave. There is an old presentation (from FreeIPA 3.0) that can be found here: https://www.freeipa.org/images/b/b6/Freeipa30_DNS_zone_transfers.pdf and explains a bit about zone transfer.

> Question 2: What is the sequence of operations when an IP address is
> changed in freeipa? I expect it would be the first ldap db gets
> updated, then the replicas ldap dbs get updated, then after all ldaps
> are updated each of them tells 'their respective' bind instances to
> update. Yes? No?
>

The data is propagated to the other IPA DNS servers using the LDAP replication mechanism. On each IPA DNS server, the bind server is set up with a special plugin, bind-dyndb-ldap (https://docs.pagure.org/bind-dyndb-ldap/), that is using the syncRepl mechanism to be notified when there are changes in LDAP that are related to the DNS records (https://docs.pagure.org/bind-dyndb-ldap/BIND9/Design/LdapSynchronizationOverview.html).

In short, the sequence is
1/ write to LDAP on server A
2/ LDAP replication propagates to server B
3/ on server B, syncRepl detects a change and bind processes the update

HTH,
flo

> Thanks!
>
> Harry Coin
>
> _______________________________________________
> FreeIPA-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/[email protected]
> Do not reply to spam, report it:
> https://pagure.io/fedora-infrastructure/new_issue
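The three-step sequence in the reply can be checked from the outside by asking each master directly for the changed record until both agree. The script below is an added example, not part of the original thread or of FreeIPA; the host names, record name and addresses in its comments are constructed placeholders.

```shell
#!/bin/sh
# Added example: poll two FreeIPA DNS masters until both serve the same RRset
# for a record that was just changed in LDAP on one of them.

# Ask one server directly for its own authoritative data (no recursion).
# usage: query_rrset <server> <name> <type>
query_rrset() {
    dig +short +norecurse "@$1" "$2" "$3" | sort
}

# Return 0 once both masters give identical, non-empty answers; 1 on timeout.
# usage: wait_for_sync <serverA> <serverB> <name> <type> [tries] [delay_seconds]
wait_for_sync() {
    tries="${5:-10}"
    delay="${6:-1}"
    i=1
    while [ "$i" -le "$tries" ]; do
        a="$(query_rrset "$1" "$3" "$4")"
        b="$(query_rrset "$2" "$3" "$4")"
        if [ -n "$a" ] && [ "$a" = "$b" ]; then
            echo "in sync after $i poll(s): $a"
            return 0
        fi
        sleep "$delay"
        i=$((i + 1))
    done
    # A persistent mismatch points at LDAP replication or syncRepl on the
    # lagging server, not at missing NOTIFY messages between the masters.
    echo "still differs after $tries polls: A=[$a] B=[$b]" >&2
    return 1
}

# Example invocation (constructed names):
#   ./check_sync.sh ipa1.example.test ipa2.example.test host.example.test A
if [ "$#" -ge 4 ]; then
    wait_for_sync "$@"
fi
```
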
