28.4. Changing Domain DNS Configuration

28.4.1. Setting DNS Entries for Multi-Homed Servers

Some server machines may support multiple network interface cards (NICs). Multi-homed machines typically have multiple IPs, all assigned to the same hostname. This works fine in IdM most of the time because it listens on all available interfaces, except localhost. For a server to be available through any NIC, edit the DNS zone file and add entries for each IP address. For example:
ipaserver  IN A
ipaserver  IN A
ipaserver  IN A

28.4.2. Setting up Additional Name Servers

The list of configured nameservers in /etc/resolv.conf only contains the IdM server itself when configuration is finished. If the local named service ever crashes, then the IdM server is unable to run and DNS services for the entire domain are no longer available.
Other DNS servers should be added manually to the IdM server's /etc/resolv.conf file.
[root@server ~]# vim /etc/resolv.conf


; the IdM server

; backup DNS servers


A default limit of three servers is set for the /etc/resolv.conf file.
Other information about configuring the /etc/resolv.conf file is given in the resolv.conf manpage.

28.4.3. Changing Load Balancing for IdM Servers and Replicas

As Section 1.3.1, “About IdM Servers and Replicas” touches on, IdM servers and replicas in the domain automatically share the load among instances to maintain performance. The load balancing is defined first by the priority set for the server or replica in its SRV entry, and then by the weight of that instance for servers/replicas with the same priority. Clients contact the servers/replicas with the highest priority first (in an SRV record, the lowest priority number is the highest priority) and then work their way down.
Load balancing is done automatically by servers, replicas, and clients. The configuration used for load balancing can be altered by changing the priority and the weight given to a server or replica.
(All replicas are initially created with the same priority.)
For example, this gives server1 a higher priority than server2, meaning it will be contacted first:
$ ipa dnsrecord-add _ldap._tcp --srv-rec="0 100 389"

$ ipa dnsrecord-add _ldap._tcp --srv-rec="1 100 389"
More information about SRV records is in RFC 2782.
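
The priority-then-weight selection described in this section, worked through as an added example (it is not part of the original documentation and is not IdM's own code): it orders SRV targets the way RFC 2782 specifies for clients. The hostnames, the third and fourth records, and the function names are constructed for illustration.

```python
import random
from collections import defaultdict

# Constructed sample records: (priority, weight, port, target).
# Hostnames are placeholders, not values from the original page.
SAMPLE_SRV = [
    (0, 100, 389, "server1.example.com."),
    (1, 100, 389, "server2.example.com."),
    (1, 300, 389, "server3.example.com."),
    (1, 0, 389, "server4.example.com."),
]


def order_srv(records, rng=random):
    """Return targets in the order an RFC 2782 client would try them."""
    by_priority = defaultdict(list)
    for rec in records:
        by_priority[rec[0]].append(rec)
    ordered = []
    # The lowest priority number is contacted first.
    for prio in sorted(by_priority):
        # RFC 2782: weight-0 records go first in the working list.
        pool = sorted(by_priority[prio], key=lambda r: r[1] != 0)
        while pool:
            total = sum(r[1] for r in pool)
            pick = rng.randint(0, total)  # uniform, inclusive of both ends
            running = 0
            for i, rec in enumerate(pool):
                running += rec[1]
                if running >= pick:  # first record whose running sum reaches pick
                    ordered.append(pool.pop(i))
                    break
    return [r[3] for r in ordered]


def first_choice_share(records, priority, trials=20000, seed=1):
    """Estimate how often each target at one priority level is tried first."""
    rng = random.Random(seed)
    level = [r for r in records if r[0] == priority]
    counts = defaultdict(int)
    for _ in range(trials):
        counts[order_srv(level, rng)[0]] += 1
    return {t: c / trials for t, c in counts.items()}


if __name__ == "__main__":
    print(order_srv(SAMPLE_SRV))
    print(first_choice_share(SAMPLE_SRV, priority=1))
```

With these records, server1 is always tried first; the priority-1 hosts are only reached if it is unavailable, and among them the weights 100 and 300 split first contact roughly one to three.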