<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 25/02/15 17:59, Shaun Martin wrote:<br>
</div>
<blockquote
cite="mid:6485FD7F-35D0-40BB-81EF-AE79D64FEBB9@blackducksoftware.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
Hi,
<div><br>
</div>
<div>I am having an issue with the forward first not appear to be
working. I have two separate IPA servers that server separate
realms. I have for the reverse zone configured forwarders to
point to the other realms IPA server. All versions are identical
on the IPA servers. I have included details on version and tests
that show this is not working.</div>
<div><br>
</div>
<div>
<div>$ yum list installed |grep bind-dyndb-ldap</div>
<div>bind-dyndb-ldap.x86_64 3.5-4.el7
@base </div>
<div><br>
</div>
<div>$ yum list installed |grep ipa</div>
<div>ipa-admintools.x86_64
3.3.3-28.0.1.el7.centos.3 @updates </div>
<div>ipa-client.x86_64
3.3.3-28.0.1.el7.centos.3 @updates </div>
<div>ipa-python.x86_64
3.3.3-28.0.1.el7.centos.3 @updates </div>
<div>ipa-server.x86_64
3.3.3-28.0.1.el7.centos.3 @updates </div>
<div>libipa_hbac.x86_64 1.11.2-68.el7_0.6
@updates </div>
<div>libipa_hbac-python.x86_64 1.11.2-68.el7_0.6
@updates </div>
<div>python-iniparse.noarch 0.4-9.el7
@anaconda</div>
<div>sssd-ipa.x86_64 </div>
<div><br>
</div>
<div>
<div><b>BELOW IS WITH FORWARDING DISABLED</b>. It cannot find
10.1.0.9 but can find 10.1.20.9. This is expected as this
server only has the 10.1.20.9 record.</div>
<div>$ nslookup </div>
<div>> server 10.1.20.9</div>
<div>Default server: 10.1.20.9</div>
<div>Address: 10.1.20.9#53</div>
<div>> 10.1.20.9</div>
<div>Server:<span class="Apple-tab-span"
style="white-space:pre"> </span>10.1.20.9</div>
<div>Address:<span class="Apple-tab-span"
style="white-space:pre"> </span>10.1.20.9#53</div>
<div><br>
</div>
<div>9.20.1.10.in-addr.arpa<span class="Apple-tab-span"
style="white-space:pre"> </span>
name = prd-ops-ipa01.uzb.local.</div>
<div>> 10.1.0.9</div>
<div>Server:<span class="Apple-tab-span"
style="white-space:pre"> </span>10.1.20.9</div>
<div>Address:<span class="Apple-tab-span"
style="white-space:pre"> </span>10.1.20.9#53</div>
<div><br>
</div>
<div>** server can't find 9.0.1.10.in-addr.arpa.: NXDOMAIN</div>
</div>
<div><br>
</div>
<div>
<div><b>BELOW IS WITH FORWARDING ENABLED</b>. It cannot find
10.1.20.9 but can find 10.1.0.9. This is expected as the
forwarding server only has the 10.1.0.9 record.</div>
<div>> 10.1.20.9</div>
<div>Server:<span class="Apple-tab-span"
style="white-space:pre"> </span>10.1.20.9</div>
<div>Address:<span class="Apple-tab-span"
style="white-space:pre"> </span>10.1.20.9#53</div>
<div><br>
</div>
<div>** server can't find 9.20.1.10.in-addr.arpa.: NXDOMAIN</div>
<div>> 10.1.0.9</div>
<div>Server:<span class="Apple-tab-span"
style="white-space:pre"> </span>10.1.20.9</div>
<div>Address:<span class="Apple-tab-span"
style="white-space:pre"> </span>10.1.20.9#53</div>
<div><br>
</div>
<div>Non-authoritative answer:</div>
<div>9.0.1.10.in-addr.arpa<span class="Apple-tab-span"
style="white-space:pre"> </span>
name = ops-ipa01.bbf.local.</div>
<div><br>
</div>
<div>Authoritative answers can be found from:</div>
<div>1.10.in-addr.arpa<span class="Apple-tab-span"
style="white-space:pre"> </span>
nameserver = ops-ipa01.bbf.local.</div>
</div>
<div><br>
</div>
<div><br>
</div>
<div>
<div><b>BELOW IS WITH FORWARD FIRST ENABLED</b>. It cannot
find 10.1.20.9 but can find 10.1.0.9. This is un-expected as
the local zone has the 10.1.20.9 and the forward server has
the 10.1.0.9 so we should be getting both.</div>
<div>> 10.1.20.9</div>
<div>Server:<span class="Apple-tab-span"
style="white-space:pre"> </span>10.1.20.9</div>
<div>Address:<span class="Apple-tab-span"
style="white-space:pre"> </span>10.1.20.9#53</div>
<div><br>
</div>
<div>** server can't find 9.20.1.10.in-addr.arpa.: NXDOMAIN</div>
<div>> 10.1.0.9</div>
<div>Server:<span class="Apple-tab-span"
style="white-space:pre"> </span>10.1.20.9</div>
<div>Address:<span class="Apple-tab-span"
style="white-space:pre"> </span>10.1.20.9#53</div>
<div><br>
</div>
<div>Non-authoritative answer:</div>
<div>9.0.1.10.in-addr.arpa<span class="Apple-tab-span"
style="white-space:pre"> </span>
name = ops-ipa01.bbf.local.</div>
<div><br>
</div>
<div>Authoritative answers can be found from:</div>
<div>1.10.in-addr.arpa<span class="Apple-tab-span"
style="white-space:pre"> </span>
nameserver = ops-ipa01.bbf.local.</div>
<div>ops-ipa01.bbf.local<span class="Apple-tab-span"
style="white-space:pre"> </span>
internet address = 10.1.0.9</div>
</div>
<div><br>
</div>
<div><br>
</div>
<div>Any help is greatly appreciated.</div>
<div><br>
</div>
<div>Thanks,</div>
<div>Shaun</div>
<div><br>
</div>
<div><span><img apple-inline="yes"
id="505FD4B0-E494-48B7-92D4-E828EF968787"
apple-width="yes" apple-height="yes"
src="cid:part1.00010406.08090406@redhat.com" height="48"
width="200"></span><span style="font-family: Calibri,
sans-serif; font-size: 15px; font-style: normal;
font-variant: normal; font-weight: normal; letter-spacing:
normal; line-height: normal; orphans: auto; text-align:
start; text-indent: 0px; text-transform: none; white-space:
normal; widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px; color: rgb(66, 66, 66);"><br
class="Apple-interchange-newline">
Shaun Martin<br>
</span><span style="font-family: Calibri, sans-serif;
font-style: normal; font-variant: normal; font-weight:
normal; letter-spacing: normal; line-height: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
font-size: 10pt; color: rgb(121, 121, 121);">IT\OPS Manager<br>
Black Duck Software<br>
O: +1.781.425.4336<br>
</span><span style="font-family: Calibri, sans-serif;
font-style: normal; font-variant: normal; font-weight:
normal; letter-spacing: normal; line-height: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
font-size: 8pt; color: rgb(121, 121, 121);"><br>
</span><span style="font-family: Calibri, sans-serif;
font-style: normal; font-variant: normal; font-weight:
normal; letter-spacing: normal; line-height: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
font-size: 10pt; color: rgb(31, 73, 125);"><a
moz-do-not-send="true"
href="http://www.blackducksoftware.com/" style="color:
purple;"><span style="color: blue;">Black Duck Software</span></a></span><span
style="font-family: Calibri, sans-serif; font-style: normal;
font-variant: normal; font-weight: normal; letter-spacing:
normal; line-height: normal; orphans: auto; text-align:
start; text-indent: 0px; text-transform: none; white-space:
normal; widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px; font-size: 10pt; color:
rgb(121, 121, 121);"> | </span><span style="font-family:
Calibri, sans-serif; font-style: normal; font-variant:
normal; font-weight: normal; letter-spacing: normal;
line-height: normal; orphans: auto; text-align: start;
text-indent: 0px; text-transform: none; white-space: normal;
widows: auto; word-spacing: 0px; -webkit-text-stroke-width:
0px; font-size: 10pt; color: rgb(31, 73, 125);"><a
moz-do-not-send="true" href="https://www.openhub.net/"
style="color: purple;"><span style="color: blue;">OpenHUB</span></a></span><span
style="font-family: Calibri, sans-serif; font-style: normal;
font-variant: normal; font-weight: normal; letter-spacing:
normal; line-height: normal; orphans: auto; text-align:
start; text-indent: 0px; text-transform: none; white-space:
normal; widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px; font-size: 10pt; color:
rgb(121, 121, 121);"> | </span><span style="font-family:
Calibri, sans-serif; font-style: normal; font-variant:
normal; font-weight: normal; letter-spacing: normal;
line-height: normal; orphans: auto; text-align: start;
text-indent: 0px; text-transform: none; white-space: normal;
widows: auto; word-spacing: 0px; -webkit-text-stroke-width:
0px; font-size: 10pt; color: rgb(31, 73, 125);"><a
moz-do-not-send="true"
href="http://osdelivers.blackducksoftware.com/"
style="color: purple;"><span style="color: blue;">OSDelivers</span></a></span><span
style="font-family: Calibri, sans-serif; font-style: normal;
font-variant: normal; font-weight: normal; letter-spacing:
normal; line-height: normal; orphans: auto; text-align:
start; text-indent: 0px; text-transform: none; white-space:
normal; widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px; font-size: 10pt; color:
rgb(121, 121, 121);"> | </span><span style="font-family:
Calibri, sans-serif; font-style: normal; font-variant:
normal; font-weight: normal; letter-spacing: normal;
line-height: normal; orphans: auto; text-align: start;
text-indent: 0px; text-transform: none; white-space: normal;
widows: auto; word-spacing: 0px; -webkit-text-stroke-width:
0px; font-size: 10pt; color: rgb(31, 73, 125);"><a
moz-do-not-send="true"
href="https://www.blackducksoftware.com/oss-logistics"
style="color: purple;"><span style="color: blue;">OSS
Logistics</span></a></span><span style="color: rgb(0, 0,
0); font-family: Calibri, sans-serif; font-style: normal;
font-variant: normal; font-weight: normal; letter-spacing:
normal; line-height: normal; orphans: auto; text-align:
start; text-indent: 0px; text-transform: none; white-space:
normal; widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px; font-size: 10pt;"><br>
</span><span style="color: rgb(0, 0, 0); font-family: Calibri,
sans-serif; font-style: normal; font-variant: normal;
font-weight: normal; letter-spacing: normal; line-height:
normal; orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
font-size: 8pt;"><br>
</span><a moz-do-not-send="true"
href="http://twitter.com/black_duck_sw" style="font-family:
Calibri, sans-serif; font-size: 15px; font-style: normal;
font-variant: normal; font-weight: normal; letter-spacing:
normal; line-height: normal; orphans: auto; text-align:
start; text-indent: 0px; text-transform: none; white-space:
normal; widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px; color: purple;"><span
style="font-size: 9pt; color: blue; text-decoration:
none;"><span><img apple-inline="yes"
id="EDF7853C-3F6F-4F75-B1BB-F7F0317B0E7E"
apple-width="yes" apple-height="yes"
src="cid:part6.05050508.09050305@redhat.com"
height="25" width="25"></span><span style="color:
rgb(0, 0, 0); font-family: Calibri, sans-serif;
font-style: normal; font-variant: normal; font-weight:
normal; letter-spacing: normal; line-height: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
font-size: 9pt;"> </span></span></a><a
moz-do-not-send="true"
href="https://www.linkedin.com/company/black-duck-software"
style="font-family: Calibri, sans-serif; font-size: 15px;
font-style: normal; font-variant: normal; font-weight:
normal; letter-spacing: normal; line-height: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px; color:
purple;"><span style="font-size: 9pt; color: blue;
text-decoration: none;"><span><img apple-inline="yes"
id="25963BF2-10E9-4861-A8E3-7F8278445A1F"
apple-width="yes" apple-height="yes"
src="cid:part8.08090406.02000100@redhat.com"
height="25" width="25"></span><span style="color:
rgb(0, 0, 0); font-family: Calibri, sans-serif;
font-style: normal; font-variant: normal; font-weight:
normal; letter-spacing: normal; line-height: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
font-size: 9pt;"> </span></span></a><a
moz-do-not-send="true"
href="https://www.facebook.com/BlackDuckSoftware"
style="font-family: Calibri, sans-serif; font-size: 15px;
font-style: normal; font-variant: normal; font-weight:
normal; letter-spacing: normal; line-height: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px; color:
purple;"><span style="font-size: 9pt; color: blue;
text-decoration: none;"><span><img apple-inline="yes"
id="3190545C-D1C1-4F88-8BB7-6728DF25746C"
apple-width="yes" apple-height="yes"
src="cid:part10.08020502.07020003@redhat.com"
height="25" width="25"></span><span style="color:
rgb(0, 0, 0); font-family: Calibri, sans-serif;
font-style: normal; font-variant: normal; font-weight:
normal; letter-spacing: normal; line-height: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
font-size: 9pt;"> </span></span></a><a
moz-do-not-send="true"
href="https://plus.google.com/+Blackducksoftware/"
style="font-family: Calibri, sans-serif; font-size: 15px;
font-style: normal; font-variant: normal; font-weight:
normal; letter-spacing: normal; line-height: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px; color:
purple;"><span style="font-size: 9pt; color: blue;
text-decoration: none;"><span><img apple-inline="yes"
id="F6BAC87A-6CF3-4144-8B66-1A725E37B9A1"
apple-width="yes" apple-height="yes"
src="cid:part12.09000607.07060402@redhat.com"
height="25" width="25"></span><span style="color:
rgb(0, 0, 0); font-family: Calibri, sans-serif;
font-style: normal; font-variant: normal; font-weight:
normal; letter-spacing: normal; line-height: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
font-size: 9pt;"> </span></span></a><a
moz-do-not-send="true"
href="http://www.slideshare.net/blackducksoftware"
style="font-family: Calibri, sans-serif; font-size: 15px;
font-style: normal; font-variant: normal; font-weight:
normal; letter-spacing: normal; line-height: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px; color:
purple;"><span style="font-size: 9pt; color: blue;
text-decoration: none;"><span><img apple-inline="yes"
id="AB5F2B57-D5C7-4CA9-A4EB-A40331A79FA0"
apple-width="yes" apple-height="yes"
src="cid:part14.09020103.04070105@redhat.com"
height="25" width="25"></span><span style="color:
rgb(0, 0, 0); font-family: Calibri, sans-serif;
font-style: normal; font-variant: normal; font-weight:
normal; letter-spacing: normal; line-height: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
font-size: 9pt;"> </span></span></a><a
moz-do-not-send="true"
href="https://www.youtube.com/user/BlackDuckSoftware"
style="font-family: Calibri, sans-serif; font-size: 15px;
font-style: normal; font-variant: normal; font-weight:
normal; letter-spacing: normal; line-height: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px; color:
purple;"><span style="font-size: 9pt; color: blue;
text-decoration: none;"><span><img apple-inline="yes"
id="C545592C-7FA8-4811-BD3A-1C3BA63CDD03"
apple-width="yes" apple-height="yes"
src="cid:part16.05060002.00090102@redhat.com"
height="25" width="25"></span><br style="color: rgb(0,
0, 0); font-family: Calibri, sans-serif; font-size:
15px; font-style: normal; font-variant: normal;
font-weight: normal; letter-spacing: normal;
line-height: normal; orphans: auto; text-align: start;
text-indent: 0px; text-transform: none; white-space:
normal; widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px;">
<span style="color: rgb(0, 0, 0); font-family: Calibri,
sans-serif; font-style: normal; font-variant: normal;
font-weight: normal; letter-spacing: normal;
line-height: normal; orphans: auto; text-align: start;
text-indent: 0px; text-transform: none; white-space:
normal; widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px; font-size: 8pt;"><br>
</span><i style="color: rgb(0, 0, 0); font-family:
Calibri, sans-serif; font-size: 15px; font-variant:
normal; font-weight: normal; letter-spacing: normal;
line-height: normal; orphans: auto; text-align: start;
text-indent: 0px; text-transform: none; white-space:
normal; widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px;"><span style="font-size:
10pt;">JP Morgan Chase & Co. Hall of Innovation
Inductee</span></i> </span></a></div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
Hello,<br>
<br>
we need more info:<br>
do you use global forwarders, or zone forwarders?<br>
how your reverse zones are configured (name, delegation)?<br>
<br>
Default forwarding policy is first, IMO both of your examples with
forwarding enabled are forwarding first policy.<br>
<br>
Martin<br>
<br>
<pre class="moz-signature" cols="72">--
Martin Basti</pre>
</body>
</html>