Back to bug 1004156
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Martin Kosek | 2013-09-04 06:27:33 UTC | Status | NEW | CLOSED |
| | | Resolution | --- | WONTFIX |
| | | Doc Text | | Cause: When DNS support is being added for an Identity Management server (for example via ipa-dns-install or by using --setup-dns flag in ipa-server-install/ipa-replica-install), the script adds a hostname of a new IdM DNS server to the list of name servers in the primary IdM DNS zone (via DNS NS record). However, it does not add the DNS NS record to other DNS zones served by the IdM. Consequence: The list of name servers in the non-primary DNS zones have only a limited set of IdM name servers serving the DNS zone (only one, without user intervention). When the limited set of IdM name servers is not available, these DNS zones are not resolvable. Workaround (if any): Manually add new DNS NS records to all non-primary DNS zones, when a new IdM replica is being added. Also manually remove such DNS NS records when the replica is being decommissioned. Result: Non-primary DNS zones can maintain higher availability by having manually maintained set of IdM name servers serving it. |
| | | Doc Type | Bug Fix | Known Issue |
| | | Last Closed | | 2013-09-04 02:27:33 UTC |
| Eliska Slobodova | 2013-10-22 08:54:08 UTC | Doc Text | Cause: When DNS support is being added for an Identity Management server (for example via ipa-dns-install or by using --setup-dns flag in ipa-server-install/ipa-replica-install), the script adds a hostname of a new IdM DNS server to the list of name servers in the primary IdM DNS zone (via DNS NS record). However, it does not add the DNS NS record to other DNS zones served by the IdM. Consequence: The list of name servers in the non-primary DNS zones have only a limited set of IdM name servers serving the DNS zone (only one, without user intervention). When the limited set of IdM name servers is not available, these DNS zones are not resolvable. Workaround (if any): Manually add new DNS NS records to all non-primary DNS zones, when a new IdM replica is being added. Also manually remove such DNS NS records when the replica is being decommissioned. Result: Non-primary DNS zones can maintain higher availability by having manually maintained set of IdM name servers serving it. | When DNS support is being added for an Identity Management server (for example, by using the ipa-dns-install or by using the --setup-dns flag in ipa-server-install or ipa-replica-install), the script adds a hostname of a new Identity Management DNS server to the list of name servers in the primary Identity Management DNS zone (via DNS NS record). However, it does not add the DNS name server record to other DNS zones served by the Identity Management. As a consequence, the list of name servers in the non-primary DNS zones has only a limited set of Identity Management name servers serving the DNS zone (only one, without user intervention). When the limited set of Identity Management name servers is not available, these DNS zones are not resolvable. To work around this problem, manually add new DNS name server records to all non-primary DNS zones when a new Identity Management replica is being added. Also manually remove such DNS name server records when the replica is being decommissioned. Non-primary DNS zones can maintain higher availability by having a manually maintained set of Identity Management name servers serving it. |