<html> <head> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> <p>Great, you are welcome :)<br> </p> <br> <div class="moz-cite-prefix">On 27.12.2016 13:41, Maciej Drobniuch wrote:<br> </div> <blockquote cite="mid:CAL0MufLAaEFJjvp3=xrXDhhpn4csXBvERZNCE_FetfBEz05sNg@mail.gmail.com" type="cite"> <div dir="ltr">Martin, <div><br> </div> <div>Your troubleshooting style put me on the right track. </div> <div><br> </div> <div>The alternative DNS servers had Ipv6 AAAA records that did not resolv properly. </div> <div><br> </div> <div>After deleting those records adding A records (with reverse PTR check) and adding host works fine. The PTR record is created in the GUI and works fine.</div> <div><br> </div> <div>Thank you very much for your time and help with this!</div> <div><br> </div> <div>Cheers!</div> <div>M.</div> </div> <div class="gmail_extra"><br> <div class="gmail_quote">On Tue, Dec 27, 2016 at 1:35 PM, Maciej Drobniuch <span dir="ltr"><<a moz-do-not-send="true" href="mailto:md@collective-sense.com" target="_blank">md@collective-sense.com</a>></span> wrote:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <div dir="ltr"> <div># dig soa 0.0.10.in-addr.arpa. </div> <div><br> </div> <div>; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3 <<>> soa 0.0.10.in-addr.arpa.</div> <span class=""> <div>;; global options: +cmd</div> <div>;; Got answer:</div> </span> <div>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60690</div> <div>;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 8</div> <span class=""> <div><br> </div> <div>;; OPT PSEUDOSECTION:</div> <div>; EDNS: version: 0, flags:; udp: 4096</div> <div>;; QUESTION SECTION:</div> </span> <div>;0.0.10.in-addr.arpa.<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>IN<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>SOA</div> <div><br> </div> <div>;; ANSWER SECTION:</div> <div>0.0.10.in-addr.arpa.<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>86400<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>IN<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>SOA<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span><a moz-do-not-send="true" href="http://freeipa1.cs.int" target="_blank">freeipa1.cs.int</a>. <a moz-do-not-send="true" href="http://hostmaster.cs.int" target="_blank">hostmaster.cs.int</a>. 1482653944 3600 900 1209600 3600</div> <div><br> </div> <div>;; AUTHORITY SECTION:</div> <div>0.0.10.in-addr.arpa.<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>86400<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>IN<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>NS<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span><a moz-do-not-send="true" href="http://freeipa1.cs.int" target="_blank">freeipa1.cs.int</a>.</div> <div>0.0.10.in-addr.arpa.<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>86400<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>IN<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>NS<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span><a moz-do-not-send="true" href="http://freeipa2.cs.int" target="_blank">freeipa2.cs.int</a>.</div> <div>0.0.10.in-addr.arpa.<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>86400<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>IN<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>NS<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span><a moz-do-not-send="true" href="http://krkfreeipa.cs.int" target="_blank">krkfreeipa.cs.int</a>.</div> <span class=""> <div><br> </div> <div>;; ADDITIONAL SECTION:</div> <div><a moz-do-not-send="true" href="http://freeipa1.cs.int" target="_blank">freeipa1.cs.int</a>.<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>1200<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>IN<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>A<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>10.0.0.200</div> </span> <div><a moz-do-not-send="true" href="http://freeipa2.cs.int" target="_blank">freeipa2.cs.int</a>.<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>1200<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>IN<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>A<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>10.0.1.200</div> <div><a moz-do-not-send="true" href="http://krkfreeipa.cs.int" target="_blank">krkfreeipa.cs.int</a>.<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>1200<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>IN<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>A<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>10.0.2.6</div> <div><br> </div> <div>;; Query time: 15 msec</div> <div>;; SERVER: 127.0.0.1#53(127.0.0.1)</div> <div>;; WHEN: wto gru 27 07:33:41 EST 2016</div> <div>;; MSG SIZE rcvd: 333</div> <div><br> </div> </div> <div class="HOEnZb"> <div class="h5"> <div class="gmail_extra"><br> <div class="gmail_quote">On Tue, Dec 27, 2016 at 1:28 PM, Martin Basti <span dir="ltr"><<a moz-do-not-send="true" href="mailto:mbasti@redhat.com" target="_blank">mbasti@redhat.com</a>></span> wrote:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <div bgcolor="#FFFFFF" text="#000000"> <p>I just noticed previously you sent wrong dig, I need</p> <p>dig 0.0.10.in-addr.arpa. SOA instead of the A rtype<br> </p> <div> <div class="m_3655751950487541326h5"> <p><br> </p> <p><br> </p> <br> <div class="m_3655751950487541326m_-8241788620314062342moz-cite-prefix">On 27.12.2016 13:21, Maciej Drobniuch wrote:<br> </div> <blockquote type="cite"> <div dir="ltr"> <div># python -c 'from dns import resolver; a = resolver.query("0.0.10.in-addr<wbr>.arpa.", "SOA", "IN"); print <a moz-do-not-send="true" href="http://a.rrset.name" target="_blank">a.rrset.name</a>'</div> <div>0.0.10.in-addr.arpa.</div> </div> <div class="gmail_extra"><br> <div class="gmail_quote">On Tue, Dec 27, 2016 at 1:09 PM, Martin Basti <span dir="ltr"><<a moz-do-not-send="true" href="mailto:mbasti@redhat.com" target="_blank">mbasti@redhat.com</a>></span> wrote:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <div bgcolor="#FFFFFF" text="#000000"><span> <p><br> </p> <br> <div class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507moz-cite-prefix">On 27.12.2016 13:04, Maciej Drobniuch wrote:<br> </div> <blockquote type="cite"> <div dir="ltr"> <div>$ dig 0.0.10.in-addr.arpa</div> <div><br> </div> <div>; <<>> DiG 9.10.3-P4-Ubuntu <<>> 0.0.10.in-addr.arpa</div> <div>;; global options: +cmd</div> <div>;; Got answer:</div> <div>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14232</div> <div>;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1</div> <div><br> </div> <div>;; OPT PSEUDOSECTION:</div> <div>; EDNS: version: 0, flags:; udp: 4096</div> <div>;; QUESTION SECTION:</div> <div>;0.0.10.in-addr.arpa.<span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>IN<span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>A</div> <div><br> </div> <div>;; AUTHORITY SECTION:</div> <div>0.0.10.in-addr.arpa.<span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>3600<span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>IN<span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>SOA<span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507gmail-Apple-tab-span" style="white-space:pre-wrap"> </span><a moz-do-not-send="true" href="http://freeipa1.cs.int" target="_blank">freeipa1.cs.int</a>. <a moz-do-not-send="true" href="http://hostmaster.cs.int" target="_blank">hostmaster.cs.int</a>. 1482653944 3600 900 1209600 3600</div> <div><br> </div> <div>;; Query time: 197 msec</div> <div>;; SERVER: 10.0.0.200#53(10.0.0.200)</div> <div>;; WHEN: Tue Dec 27 13:02:24 CET 2016</div> <div>;; MSG SIZE rcvd: 111</div> <div><br> </div> </div> <div class="gmail_extra"><br> </div> </blockquote> </span> Hmm, this query doesn't contain ANSWER section, that may be reason why python-dns failed.<br> <br> could you check with:<br> <br> python -c 'from dns import resolver; a = resolver.query("0.0.10.in-addr<wbr>.arpa.", "SOA", "IN"); print <a moz-do-not-send="true" href="http://a.rrset.name" target="_blank">a.rrset.name</a>' <div> <div class="m_3655751950487541326m_-8241788620314062342h5"><br> <br> <br> <blockquote type="cite"> <div class="gmail_extra"> <div class="gmail_quote">On Tue, Dec 27, 2016 at 12:24 PM, Martin Basti <span dir="ltr"><<a moz-do-not-send="true" href="mailto:mbasti@redhat.com" target="_blank">mbasti@redhat.com</a>></span> wrote:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <div bgcolor="#FFFFFF" text="#000000"><span> <p><br> </p> <br> <div class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457moz-cite-prefix">On 27.12.2016 12:07, Maciej Drobniuch wrote:<br> </div> <blockquote type="cite"> <div dir="ltr">Hi Martin! <div><br> </div> <div>Thank you for your time!<br> <div class="gmail_extra"><br> <div class="gmail_quote">On Thu, Dec 22, 2016 at 1:41 PM, Martin Basti <span dir="ltr"><<a moz-do-not-send="true" href="mailto:mbasti@redhat.com" target="_blank">mbasti@redhat.com</a>></span> wrote:<br> <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"> <div bgcolor="#FFFFFF"><span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-"> <p><br> </p> <br> <div class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745moz-cite-prefix">On 22.12.2016 10:57, Maciej Drobniuch wrote:<br> </div> <blockquote type="cite"> <div dir="ltr">Hi Martin <div><br> </div> <div>Appreciate your help!<br> <div class="gmail_extra"><br> <div class="gmail_quote">On Thu, Dec 22, 2016 at 10:48 AM, Martin Basti <span dir="ltr"><<a moz-do-not-send="true" href="mailto:mbasti@redhat.com" target="_blank">mbasti@redhat.com</a>></span> wrote:<br> <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"> <div bgcolor="#FFFFFF"><span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail-"> <p><br> </p> <br> <div class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail-m_2550165744306535538moz-cite-prefix">On 22.12.2016 09:37, Maciej Drobniuch wrote:<br> </div> <blockquote type="cite"> <div dir="ltr">Hi Martin <div><br> </div> <div>Thank you for reply. </div> <div><br> </div> <div>1. The dig is returning proper PTR record. I've added it manually to the zone and it's working.</div> </div> </blockquote> <br> </span> I was asking for SOA and zone name, IMO there is nothing secret about reverse zone name from private address space<br> <br> what returns this command on server?<br> python -c 'import netaddr; from dns import resolver; ip = netaddr.IPAddress("10.0.0.165"<wbr>); revn = ip.reverse_dns; print revn; print resolver.zone_for_name(revn)'<span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail-"><br> <br> <br> </span></div> </blockquote> <div># python -c 'import netaddr; from dns import resolver; ip = netaddr.IPAddress("10.0.0.165"<wbr>); revn = ip.reverse_dns; print revn; print resolver.zone_for_name(revn)'</div> <div>165.0.0.10.in-addr.arpa.</div> <div>in-addr.arpa.</div> </div> </div> </div> </div> </blockquote> <br> </span> It looks that python-dns failed to find proper zone, what is supposed to be authoritative zone for that record in your system?<br> How do your reverse zones look?<br> </div> </blockquote> <div>I have the reverse zone added.</div> <div>0.0.10.in-addr.arpa. </div> <div><br> </div> <div>Do you know maybe how python/ipa is determining what's the dns server for the internal zone? </div> <div>As far I understood this is not a "access rights issue". It's a DNS PTR resolution problem with python(ipa's using python) ?</div> </div> </div> </div> </div> </blockquote> <br> </span> It doesn't care about resolver, python-dns is checking SOA records, it removes labels from left and tries to find best match zone<br> <br> what returns dig 0.0.10.in-addr.arpa. SOA ? <div> <div class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507h5"><br> <br> <blockquote type="cite"> <div dir="ltr"> <div> <div class="gmail_extra"> <div class="gmail_quote"> <div><br> </div> <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"> <div bgcolor="#FFFFFF"> <br> <br> <blockquote type="cite"> <div dir="ltr"> <div> <div class="gmail_extra"> <div class="gmail_quote"><span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-"> <div> </div> <div><br> </div> <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"> <div bgcolor="#FFFFFF"><span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail-"> <blockquote type="cite"> <div dir="ltr"> <div>2. The problem exists while adding host entries or A records with "create reverse" option.</div> </div> </blockquote> </span> That's why I asked to run dig, the code uses DNS system to determine zone.<span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail-"><br> <br> <blockquote type="cite"> <div dir="ltr"> <div>3. If I'll bind a host with ipa-client-install the PTR record gets created in the reverse zone and it works</div> </div> </blockquote> </span> Ok</div> </blockquote> <div>Manually creating the PTR record works fine as well. </div> <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"> <div bgcolor="#FFFFFF"><span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail-"><br> <br> <blockquote type="cite"> <div dir="ltr"> <div>4. The resolv.conf file has only the IPA server IP addres/localhost added.</div> </div> </blockquote> <br> </span> Have you changed it recently?</div> </blockquote> <div>Yes, it pointed to outside 8.8.8.8, so the OS did not see the local reverse zone.</div> <div>Now it's pointing to localhost. And I get dig the PTRs. (I've manually created the ptr)</div> <div><br> </div> </span> <div><span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-"> <div># dig -x 10.0.0.165</div> <div><br> </div> <div>; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3 <<>> -x 10.0.0.165</div> <div>;; global options: +cmd</div> <div>;; Got answer:</div> <div>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35592</div> <div>;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2</div> <div><br> </div> <div>;; OPT PSEUDOSECTION:</div> </span> <div>; E: version: 0, flags:; udp: 4096</div> <span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-"> <div>;; QUESTION SECTION:</div> <div>;165.0.0.10.in-addr.arpa.<span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>IN<span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>PTR</div> <div><br> </div> <div>;; ANSWER SECTION:</div> <div>165.0.0.10.in-addr.arpa. 1200<span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>IN<span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>PTR<span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail-Apple-tab-span" style="white-space:pre-wrap"> </span><a moz-do-not-send="true" href="http://prdfrmprb01.cs.int" target="_blank">prdfrmprb01.cs.int</a>.</div> <div><br> </div> <div>;; AUTHORITY SECTION:</div> <div>1.0.10.in-addr.arpa.<span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>86400<span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>IN<span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>NS<span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail-Apple-tab-span" style="white-space:pre-wrap"> </span><a moz-do-not-send="true" href="http://freeipa1.cs.int" target="_blank">freeipa1.cs.int</a>.</div> <div><br> </div> </span></div> </div> </div> </div> </div> </blockquote> <br> This authority section looks suspicious, I would expect something like 0.0.10.in-addr.arpa.<br> <br> Back to question about your reverse zones.</div> </blockquote> <div>I've intentionally hid our internal ip space, sorry, good catch my finger has slipped :). <br> </div> </div> </div> </div> </div> </blockquote> <br> </div> </div> So is the 0.0.10.in-addr.arpa. an authoritative zone? Or what dig returned in authority section. <div> <div class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507h5"><br> <br> <blockquote type="cite"> <div dir="ltr"> <div> <div class="gmail_extra"> <div class="gmail_quote"> <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"> <div bgcolor="#FFFFFF"> <div> <div class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-h5"><br> <br> <span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail-Apple-tab-span" style="white-space:pre-wrap"></span> <blockquote type="cite"> <div dir="ltr"> <div> <div class="gmail_extra"> <div class="gmail_quote"> <div> <div>;; ADDITIONAL SECTION:</div> <div><a moz-do-not-send="true" href="http://freeipa1.cs.int" target="_blank">freeipa1.cs.int</a>.<span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>1200<span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>IN<span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>A<span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>10.0.0.200</div> <div><br> </div> <div>;; Query time: 3 msec</div> <div>;; SERVER: 127.0.0.1#53(127.0.0.1)</div> <div>;; WHEN: czw gru 22 04:51:23 EST 2016</div> <div>;; MSG SIZE rcvd: 124</div> </div> <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"> <div bgcolor="#FFFFFF"><span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail-HOEnZb"><font color="#888888"><br> <br> Martin</font></span> <div> <div class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail-h5"><br> <br> <blockquote type="cite"> <div dir="ltr"> <div><br> </div> <div>Cheers!</div> <div>M.</div> </div> <div class="gmail_extra"><br> <div class="gmail_quote">On Wed, Dec 21, 2016 at 5:43 PM, Martin Basti <span dir="ltr"><<a moz-do-not-send="true" href="mailto:mbasti@redhat.com" target="_blank">mbasti@redhat.com</a>></span> wrote:<br> <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"> <div bgcolor="#FFFFFF"> <p>Hello all :)<br> </p> <span> <br> <div class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail-m_2550165744306535538m_-8076435932888776012moz-cite-prefix">On 20.12.2016 01:33, Maciej Drobniuch wrote:<br> </div> <blockquote type="cite"> <div dir="ltr"> <div><span>Hi All!</span></div> <div><span><br> </span></div> <div><span>I get the following message while adding a new hostname. </span></div> <span> <div><span><br> </span></div> "The host was added but the DNS update failed with: DNS reverse zone in-addr.arpa. for IP address 10.0.0.165 is not managed by this server"</span><br clear="all"> </div> </blockquote> <br> </span> IPA failed to get correct reverse zone, can you try dig -x 10.0.0.165 what will be in SOA answer?<br> <br> What is the name of reverse zone you have on IPA DNS server?<span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail-m_2550165744306535538HOEnZb"><font color="#888888"><br> <br> <br> Martin</font></span><span><br> <br> <blockquote type="cite"> <div dir="ltr"> <div><br> </div> <div>The reverse zone is configured and working. </div> <div>When I am manually adding the PTR record to the reverse zone - all OK</div> <div><br> </div> <div>While adding a new host, the A record is being created but the PTR fails with the message above.</div> <div><br> </div> <div>Reinstalling centos+IPA worked once but I had to reinstall again because of problems with kerberos(probably dependencies).</div> <div><br> </div> <div>Not sure what is the root cause of the issue.</div> <div><br> </div> <div>VERSION: 4.4.0, API_VERSION: 2.213<br> </div> <div><br> </div> <div>CENTOS7 Linux freeipa1 3.10.0-229.el7.x86_64 #1 SMP Fri Mar 6 11:36:42 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux<br> </div> <div><br> </div> <div>Any help appreciated!</div> -- <br> <div class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail-m_2550165744306535538m_-8076435932888776012gmail_signature"> <div dir="ltr"> <div> <div dir="ltr"> <div> <div dir="ltr">Best regards</div> <div dir="ltr"><br> <div><span style="font-size:12.8px">Maciej Drobniuch</span></div> <div>Network Security Engineer</div> <div>Collective-sense LLC</div> </div> </div> </div> </div> </div> </div> </div> <br> <fieldset class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail-m_2550165744306535538m_-8076435932888776012mimeAttachmentHeader"></fieldset> <br> </blockquote> <br> </span></div> </blockquote> </div> <br> <br clear="all"> <div><br> </div> -- <br> <div class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail-m_2550165744306535538gmail_signature"> <div dir="ltr"> <div> <div dir="ltr"> <div> <div dir="ltr">Best regards</div> <div dir="ltr"><br> <div><span style="font-size:12.8px">Maciej Drobniuch</span></div> <div>Network Security Engineer</div> <div>Collective-sense LLC</div> </div> </div> </div> </div> </div> </div> </div> </blockquote> <br> </div> </div> </div> </blockquote> </div> <br> <br clear="all"> <div><br> </div> -- <br> <div class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail_signature"> <div dir="ltr"> <div> <div dir="ltr"> <div dir="ltr"> <div dir="ltr">Best regards</div> <div dir="ltr"><br> <div><span style="font-size:12.8px">Maciej Drobniuch</span></div> <div>Network Security Engineer</div> <div> <div style="font-size:12.8px">2410 Camino Ramon, Suite 129</div> <div style="font-size:12.8px">San Ramon, CA 94583</div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </blockquote> <br> </div> </div> </div> </blockquote> </div> <br> Happy new year!<br clear="all"> <div><br> </div> -- <br> <div class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail_signature"> <div dir="ltr"> <div> <div dir="ltr"> <div dir="ltr"> <div dir="ltr"> <div dir="ltr">Best regards</div> <div dir="ltr"><br> <div><span style="font-size:12.8px">Maciej Drobniuch</span></div> <div>Network Security Engineer</div> <div> <div style="font-size:small"> <div dir="ltr"> <div dir="ltr"> <div dir="ltr"> <div dir="ltr"> <div> <div style="font-size:12.8px">Collective-Sense,LLC</div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </blockquote> <br> </div> </div> </div> </blockquote> </div> <br> <br clear="all"> <div><br> </div> -- <br> <div class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507gmail_signature" data-smartmail="gmail_signature"> <div dir="ltr"> <div> <div dir="ltr"> <div dir="ltr"> <div dir="ltr"> <div dir="ltr">Best regards</div> <div dir="ltr"><br> <div><span style="font-size:12.8px">Maciej Drobniuch</span></div> <div>Network Security Engineer</div> <div> <div style="font-size:small"> <div dir="ltr"> <div dir="ltr"> <div dir="ltr"> <div dir="ltr"> <div> <div style="font-size:12.8px">Collective-Sense,LLC</div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </blockquote> <br> </div> </div> </div> </blockquote> </div> <br> <br clear="all"> <div><br> </div> -- <br> <div class="m_3655751950487541326m_-8241788620314062342gmail_signature" data-smartmail="gmail_signature"> <div dir="ltr"> <div> <div dir="ltr"> <div dir="ltr"> <div dir="ltr"> <div dir="ltr">Best regards</div> <div dir="ltr"><br> <div><span style="font-size:12.8px">Maciej Drobniuch</span></div> <div>Network Security Engineer</div> <div> <div style="font-size:small"> <div dir="ltr"> <div dir="ltr"> <div dir="ltr"> <div dir="ltr"> <div> <div style="font-size:12.8px">Collective-Sense,LLC</div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </blockquote> <br> </div> </div> </div> </blockquote> </div> <br> <br clear="all"> <div><br> </div> -- <br> <div class="m_3655751950487541326gmail_signature" data-smartmail="gmail_signature"> <div dir="ltr"> <div> <div dir="ltr"> <div dir="ltr"> <div dir="ltr"> <div dir="ltr">Best regards</div> <div dir="ltr"><br> <div><span style="font-size:12.8px">Maciej Drobniuch</span></div> <div>Network Security Engineer</div> <div> <div style="font-size:small"> <div dir="ltr"> <div dir="ltr"> <div dir="ltr"> <div dir="ltr"> <div> <div style="font-size:12.8px">Collective-Sense,LLC</div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </blockquote> </div> <br> <br clear="all"> <div><br> </div> -- <br> <div class="gmail_signature" data-smartmail="gmail_signature"> <div dir="ltr"> <div> <div dir="ltr"> <div dir="ltr"> <div dir="ltr"> <div dir="ltr">Best regards</div> <div dir="ltr"><br> <div><span style="font-size:12.8px">Maciej Drobniuch</span></div> <div>Network Security Engineer</div> <div> <div style="font-size:small"> <div dir="ltr"> <div dir="ltr"> <div dir="ltr"> <div dir="ltr"> <div> <div style="font-size:12.8px">Collective-Sense,LLC</div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </blockquote> <br> </body> </html>