Hello,

On Mon, Jun 21, 2021 at 3:40 PM Kees Bakker via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:
>
> Hi,
>
> There is nothing in the daemon logs with "syncrepl" or "sync_repl".
>
> Should there be a syncrepl log for every update? Or only when there
> is a failure?
>
> Do I need to enable debugging of the dyndb plugin?

You might need to increase bind log level with something like `rndc trace 10` (or more, I don't remember the exact level you'll need).

Rafael

> --
> Kees
>
> On 21-06-2021 18:56, Florence Renaud wrote:
>
> Hi,
>
> the high level view is the following: when there is an update related to DNS data on an IPA server (new/updated/deleted zone, new/updated/deleted record), it gets written to LDAP. As the LDAP data is replicated to the other IPA servers, their local LDAP database gets updated.
> The bind daemon running on the replica is configured with bind-dyndb-ldap plugin, that uses the syncrepl mechanism to be warned of updates in the LDAP database. So each time there is a change in the DNS data in the LDAP server, the bind daemon is notified and can handle the change locally and update its view.
>
> If the LDAP data is properly replicated but the bind daemon does not serve the expected records, it probably means that the syncrepl mechanism is broken. If you have a look at the journal you may see logs with "sync_repl" or "syncrepl" keywords and they will help diagnose the problem.
> The bind daemon logs are located in /var/named/data/ and may also help.
>
> flo
>
> On Mon, Jun 21, 2021 at 2:17 PM Kees Bakker via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:
>>
>> Hey,
>>
>> Recently I discovered that the nameservers of two out of the three IPA
>> masters (replicas) are not responding with up-to-date information.
>>
>> Our setup has three masters. Each is configured as nameserver. Most of
>> the time I use one as the main master when I modify DNS entries. We also
>> have a DHCP server that sends updates to that "main" master.
>>
>> What I now discovered is that updates are not available when clients use
>> the two other masters.
>>
>> On all three masters the DNS record is present when I use local
>> ldapsearch [1]. But with dig the record is only present on one master.
>>
>> If I restart the nameserver it then has all records available.
>>
>> What would be the best method to find out what is wrong?
>>
>> BTW. There are two things that changed recently. I mention this in case
>> it rings a bell.
>> 1. one master was re-installed with CentOS 8 Stream. Another CentOS8
>> master was added a few weeks ago.
>> 2. our nameservers don't have connection to the Internet any more. So,
>> root servers cannot be found.
>>
>> [1] by local ldapsearch I mean doing a command like this:
>> ldapsearch -H ldapi://%2fvar%2frun%2f...
>> --
>> Kees
>> _______________________________________________
>> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
>> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
>> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
>> Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

--
Rafael Guterres Jeffman
Senior Software Engineer
FreeIPA - Red Hat