<html> <head> <meta content="text/html; charset=windows-1252" http-equiv="Content-Type"> </head> <body text="#000000" bgcolor="#FFFFFF"> <br> <br> <div class="moz-cite-prefix">On 13.04.2016 10:59, Ben .T.George wrote:<br> </div> <blockquote cite="mid:CA+C_GOVj9m7xedzn3Hyt+0sGrSP8v9o4+VjzgbHwo6krO=HVLA@mail.gmail.com" type="cite"> <div dir="ltr">Hi LIst, <div><br> </div> <div>getting below error while adding <span style="color:rgb(46,52,54);font-family:'Source Sans Pro',sans-serif;font-size:14px;line-height:20px">conditional forwarder for AD domain on IPA</span></div> <div><br> </div> <div> <div>[root@ipa ~]# ipa dnsforwardzone-add <a moz-do-not-send="true" href="http://ad.example.com">ad.example.com</a> --forwarder=192.168.37.131 --forward-policy=only</div> <div>Server will check DNS forwarder(s).</div> <div>This may take some time, please wait ...</div> <div>ipa: ERROR: DNS check for domain <a moz-do-not-send="true" href="http://ad.example.com">ad.example.com</a>. failed: All nameservers failed to answer the query <a moz-do-not-send="true" href="http://ad.example.com">ad.example.com</a>. IN SOA: Server 127.0.0.1 UDP port 53 anwered The DNS operation timed out.; Server 127.0.0.1 UDP port 53 anwered The DNS operation timed out.; Server 127.0.0.1 UDP port 53 anwered The DNS operation timed out.; Server 127.0.0.1 UDP port 53 anwered The DNS operation timed out.; Server 127.0.0.1 UDP port 53 anwered SERVFAIL.</div> </div> <div><br> </div> <div>how to fix this issue.</div> <div><br> </div> <div>Operating system : CentOs 7.2</div> <div> <div>IPA VERSION: 4.3.1, API_VERSION: 2.164</div> </div> <div><br> </div> <div>Thanks & Regards</div> <div>Ben</div> <div><br> </div> </div> <br> <fieldset class="mimeAttachmentHeader"></fieldset> <br> </blockquote> Hello,<br> <br> that timeout error is suspicious, are all IPA DNS working?<br> <br> can you try <br> <br> dig @youripaserveraddress ad.example.com SOA<br> <br> and post result?<br> <br> Martin<br> </body> </html>