<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 12/02/2014 08:54 PM, Matthew Herzog
wrote:<br>
</div>
<blockquote
cite="mid:CABhyZ347EU+Q85jQJGU30yx4njC3OtL_QsJZi1MMu1ZR2Lfd2Q@mail.gmail.com"
type="cite">
<div dir="ltr">Any other ideas? I just spun up a new VM and took
the defaults on everything while running ipa-server-install (the
defaults did make sense) and my new VM can't resolve -anything-
in the domain in which it lives. The "old" VM (running the same
versions of everything on the same OS) can't even resolve the
clients I have registered with it!
<div><br>
</div>
<div>So I'm pretty frustrated and am wondering, what _exactly_
is the role of bind in the IPA server and how is it expected
to know anything about the local DNS domain without becoming a
bind slave server?</div>
</div>
</blockquote>
<br>
I am not sure I am 100% with you but...<br>
If you use the defaults and nothing else, you get the scenario
where IPA has its own DNS but it is a self-contained environment. It
seems that this is what you observe.<br>
It is expected that you decide in advance what you want to do with
DNS. There are several options:<br>
1) You can delegate a zone to IPA to manage; then you need to
connect your IPA DNS to your existing DNS during install or after.<br>
In this case the systems joined to IPA will be part of the IPA
domain/zone and would also be able to resolve other systems around them.<br>
2) Not use IPA DNS if you do not want to take advantage of it.<br>
3) Have a self-contained demo/lab environment, which is what you currently
observe.<br>
<br>
What is the intent?<br>
<br>
<blockquote
cite="mid:CABhyZ347EU+Q85jQJGU30yx4njC3OtL_QsJZi1MMu1ZR2Lfd2Q@mail.gmail.com"
type="cite">
<div dir="ltr">
<div><br>
</div>
<div>Thanks.</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Tue, Dec 2, 2014 at 11:58 AM, Petr
Spacek <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:pspacek@redhat.com" target="_blank">pspacek@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="HOEnZb">
<div class="h5">On 2.12.2014 17:36, Martin Basti wrote:<br>
> On 02/12/14 17:28, Matthew Herzog wrote:<br>
>> I just realized that my IPA servers cannot
resolve ANY servers in my domain.<br>
>> What do I need to do to fix this? Below is my
named.conf.<br>
>><br>
>><br>
>> options {<br>
>> // turns on IPv6 for port 53, IPv4 is
on by default for all ifaces<br>
>> listen-on-v6 {any;};<br>
>><br>
>> // Put files that named is allowed to
write in the data/ directory:<br>
>> directory "/var/named"; // the default<br>
>> dump-file
"data/cache_dump.db";<br>
>> statistics-file
"data/named_stats.txt";<br>
>> memstatistics-file
"data/named_mem_stats.txt";<br>
>><br>
>> forward first;<br>
>> forwarders {<br>
>> 10.100.8.41;<br>
>> 10.100.8.40;<br>
>> 10.100.4.13;<br>
>> 10.100.4.14;<br>
>> 10.100.4.19;<br>
>> 10.100.4.44;<br>
>> };<br>
>><br>
>> // Any host is permitted to issue
recursive queries<br>
>> allow-recursion { any; };<br>
>><br>
>> tkey-gssapi-keytab "/etc/named.keytab";<br>
>> pid-file "/run/named/named.pid";<br>
>> };<br>
>><br>
>> /* If you want to enable debugging, eg. using
the 'rndc trace' command,<br>
>> * By default, SELinux policy does not allow
named to modify the /var/named<br>
>> directory,<br>
>> * so put the default debug log file in data/ :<br>
>> */<br>
>> logging {<br>
>> channel default_debug {<br>
>> file "data/named.run";<br>
>> severity dynamic;<br>
>> print-time yes;<br>
>> };<br>
>> };<br>
>> };<br>
>><br>
>> zone "." IN {<br>
>> type hint;<br>
</div>
</div>
>> file "named.ca";<br>
<span class="">>> };<br>
>><br>
>> include "/etc/named.rfc1912.zones";<br>
>><br>
>> dynamic-db "ipa" {<br>
>> library "ldap.so";<br>
>> arg "uri ldapi://%2fvar%2frun%2fslapd-BO3-E-BOZO-COM.socket";<br>
>> arg "base cn=dns, dc=bo3,dc=e-bozo,dc=com";<br>
>> arg "fake_mname freeipa-poc01.bo3.e-bozo.com.";<br>
>> arg "auth_method sasl";<br>
>> arg "sasl_mech GSSAPI";<br>
>> arg "sasl_user DNS/freeipa-poc01.bo3.e-bozo.com";<br>
>> arg "serial_autoincrement yes";<br>
>> };<br>
>><br>
>><br>
>><br>
>><br>
> Hello,<br>
><br>
> which version ipa do you use? which platform? Which
version bind-dyndb-ldap?<br>
><br>
> Can you run these commands, and check if there any
errors?<br>
> ipactl status<br>
> systemctl status named (respectively journalctl -u
named)<br>
<br>
</span>We also may want to see information listed on page<br>
<a moz-do-not-send="true"
href="https://fedorahosted.org/bind-dyndb-ldap/wiki/BugReporting"
target="_blank">https://fedorahosted.org/bind-dyndb-ldap/wiki/BugReporting</a><br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
Petr^2 Spacek<br>
<br>
--<br>
Manage your subscription for the Freeipa-users mailing
list:<br>
<a moz-do-not-send="true"
href="https://www.redhat.com/mailman/listinfo/freeipa-users"
target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br>
Go To <a moz-do-not-send="true"
href="http://freeipa.org" target="_blank">http://freeipa.org</a>
for more info on the project<br>
</font></span></blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
<div class="gmail_signature">
<div dir="ltr">If life gives you melons, you may be dyslexic.
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.</pre>
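Added example, not part of the thread: a small standard-library Python linter for the named.conf settings under discussion (brace balance, <code>forward first</code>, <code>allow-recursion { any; }</code>, the forwarders list). The sample config is constructed here to mirror the posted one, including the stray trailing <code>};</code> after the logging block, which named-checkconf would also reject; the function names are my own.<br>

```python
# Added example (not from the thread): lint a named.conf fragment for the
# settings discussed above. Standard library only; function names are mine.
import re

# Constructed sample modelled on the posted config, stray "};" at the end included.
SAMPLE_CONF = """
options {
    listen-on-v6 {any;};
    directory "/var/named";   // the default
    forward first;
    forwarders { 10.100.8.41; 10.100.8.40; };
    allow-recursion { any; };
};
/* logging block, as posted */
logging {
    channel default_debug { file "data/named.run"; severity dynamic; };
};
};
"""

def strip_noise(conf):
    """Blank out quoted strings and comments so braces/keywords inside them are ignored.
    Block comments are replaced by the same number of newlines to keep line numbers."""
    conf = re.sub(r'"[^"]*"', '""', conf)
    conf = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group(0).count("\n"), conf, flags=re.S)
    return re.sub(r"(//|#).*", "", conf)

def brace_depth(conf):
    """Return (final depth, line of first '}' without a matching '{' or None)."""
    depth, underflow = 0, None
    for lineno, line in enumerate(strip_noise(conf).splitlines(), 1):
        for ch in line:
            depth += ch == "{"
            depth -= ch == "}"
            if depth < 0 and underflow is None:
                underflow = lineno
    return depth, underflow

def lint(conf):
    """Return findings a defender would want to see before trusting this named.conf."""
    findings = []
    depth, underflow = brace_depth(conf)
    if depth != 0 or underflow is not None:
        findings.append(f"unbalanced braces (depth {depth}, first underflow at line {underflow}); named will not load this file")
    text = strip_noise(conf)
    if re.search(r"allow-recursion\s*{\s*any\s*;\s*}", text):
        findings.append("allow-recursion { any; }: open resolver if named is reachable from untrusted networks")
    if re.search(r"\bforward\s+first\s*;", text):
        findings.append("forward first: if no forwarder answers, named resolves via root hints itself")
    block = re.search(r"forwarders\s*{([^}]*)}", text)
    if block:
        ips = re.findall(r"\d+(?:\.\d+){3}", block.group(1))
        findings.append(f"{len(ips)} forwarder(s): {', '.join(ips)}")
    return findings
```

Run it on the real file with <code>lint(open("/etc/named.conf").read())</code>; an empty list means none of the checked conditions were found.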
</body>
</html>