<div dir="ltr">Martin,<div><br></div><div>Your troubleshooting style put me on the right track. </div><div><br></div><div>The alternative DNS servers had Ipv6 AAAA records that did not resolv properly. </div><div><br></div><div>After deleting those records adding A records (with reverse PTR check) and adding host works fine. The PTR record is created in the GUI and works fine.</div><div><br></div><div>Thank you very much for your time and help with this!</div><div><br></div><div>Cheers!</div><div>M.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Dec 27, 2016 at 1:35 PM, Maciej Drobniuch <span dir="ltr"><<a href="mailto:md@collective-sense.com" target="_blank">md@collective-sense.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div># dig soa 0.0.10.in-addr.arpa. </div><div><br></div><div>; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3 <<>> soa 0.0.10.in-addr.arpa.</div><span class=""><div>;; global options: +cmd</div><div>;; Got answer:</div></span><div>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60690</div><div>;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 8</div><span class=""><div><br></div><div>;; OPT PSEUDOSECTION:</div><div>; EDNS: version: 0, flags:; udp: 4096</div><div>;; QUESTION SECTION:</div></span><div>;0.0.10.in-addr.arpa.<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>IN<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>SOA</div><div><br></div><div>;; ANSWER SECTION:</div><div>0.0.10.in-addr.arpa.<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>86400<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>IN<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>SOA<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span><a href="http://freeipa1.cs.int" target="_blank">freeipa1.cs.int</a>. <a href="http://hostmaster.cs.int" target="_blank">hostmaster.cs.int</a>. 1482653944 3600 900 1209600 3600</div><div><br></div><div>;; AUTHORITY SECTION:</div><div>0.0.10.in-addr.arpa.<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>86400<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>IN<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>NS<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span><a href="http://freeipa1.cs.int" target="_blank">freeipa1.cs.int</a>.</div><div>0.0.10.in-addr.arpa.<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>86400<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>IN<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>NS<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span><a href="http://freeipa2.cs.int" target="_blank">freeipa2.cs.int</a>.</div><div>0.0.10.in-addr.arpa.<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>86400<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>IN<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>NS<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span><a href="http://krkfreeipa.cs.int" target="_blank">krkfreeipa.cs.int</a>.</div><span class=""><div><br></div><div>;; ADDITIONAL SECTION:</div><div><a href="http://freeipa1.cs.int" target="_blank">freeipa1.cs.int</a>.<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>1200<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>IN<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>A<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>10.0.0.200</div></span><div><a href="http://freeipa2.cs.int" target="_blank">freeipa2.cs.int</a>.<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>1200<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>IN<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>A<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>10.0.1.200</div><div><a href="http://krkfreeipa.cs.int" target="_blank">krkfreeipa.cs.int</a>.<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>1200<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>IN<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>A<span class="m_3655751950487541326gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>10.0.2.6</div><div><br></div><div>;; Query time: 15 msec</div><div>;; SERVER: 127.0.0.1#53(127.0.0.1)</div><div>;; WHEN: wto gru 27 07:33:41 EST 2016</div><div>;; MSG SIZE rcvd: 333</div><div><br></div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Dec 27, 2016 at 1:28 PM, Martin Basti <span dir="ltr"><<a href="mailto:mbasti@redhat.com" target="_blank">mbasti@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<p>I just noticed previously you sent wrong dig, I need</p>
<p>dig 0.0.10.in-addr.arpa. SOA instead of the A rtype<br>
</p><div><div class="m_3655751950487541326h5">
<p><br>
</p>
<p><br>
</p>
<br>
<div class="m_3655751950487541326m_-8241788620314062342moz-cite-prefix">On 27.12.2016 13:21, Maciej Drobniuch
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div># python -c 'from dns import resolver; a =
resolver.query("0.0.10.in-addr<wbr>.arpa.", "SOA", "IN"); print <a href="http://a.rrset.name" target="_blank">a.rrset.name</a>'</div>
<div>0.0.10.in-addr.arpa.</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Tue, Dec 27, 2016 at 1:09 PM, Martin
Basti <span dir="ltr"><<a href="mailto:mbasti@redhat.com" target="_blank">mbasti@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"><span>
<p><br>
</p>
<br>
<div class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507moz-cite-prefix">On
27.12.2016 13:04, Maciej Drobniuch wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>$ dig 0.0.10.in-addr.arpa</div>
<div><br>
</div>
<div>; <<>> DiG 9.10.3-P4-Ubuntu
<<>> 0.0.10.in-addr.arpa</div>
<div>;; global options: +cmd</div>
<div>;; Got answer:</div>
<div>;; ->>HEADER<<- opcode: QUERY,
status: NOERROR, id: 14232</div>
<div>;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0,
AUTHORITY: 1, ADDITIONAL: 1</div>
<div><br>
</div>
<div>;; OPT PSEUDOSECTION:</div>
<div>; EDNS: version: 0, flags:; udp: 4096</div>
<div>;; QUESTION SECTION:</div>
<div>;0.0.10.in-addr.arpa.<span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>IN<span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>A</div>
<div><br>
</div>
<div>;; AUTHORITY SECTION:</div>
<div>0.0.10.in-addr.arpa.<span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>3600<span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>IN<span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>SOA<span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507gmail-Apple-tab-span" style="white-space:pre-wrap"> </span><a href="http://freeipa1.cs.int" target="_blank">freeipa1.cs.int</a>.
<a href="http://hostmaster.cs.int" target="_blank">hostmaster.cs.int</a>.
1482653944 3600 900 1209600 3600</div>
<div><br>
</div>
<div>;; Query time: 197 msec</div>
<div>;; SERVER: 10.0.0.200#53(10.0.0.200)</div>
<div>;; WHEN: Tue Dec 27 13:02:24 CET 2016</div>
<div>;; MSG SIZE rcvd: 111</div>
<div><br>
</div>
</div>
<div class="gmail_extra"><br>
</div>
</blockquote>
</span> Hmm, this query doesn't contain ANSWER section,
that may be reason why python-dns failed.<br>
<br>
could you check with:<br>
<br>
python -c 'from dns import resolver; a =
resolver.query("0.0.10.in-addr<wbr>.arpa.", "SOA", "IN");
print <a href="http://a.rrset.name" target="_blank">a.rrset.name</a>'
<div>
<div class="m_3655751950487541326m_-8241788620314062342h5"><br>
<br>
<br>
<blockquote type="cite">
<div class="gmail_extra">
<div class="gmail_quote">On Tue, Dec 27, 2016 at
12:24 PM, Martin Basti <span dir="ltr"><<a href="mailto:mbasti@redhat.com" target="_blank">mbasti@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"><span>
<p><br>
</p>
<br>
<div class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457moz-cite-prefix">On
27.12.2016 12:07, Maciej Drobniuch
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hi Martin!
<div><br>
</div>
<div>Thank you for your time!<br>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Thu,
Dec 22, 2016 at 1:41 PM, Martin
Basti <span dir="ltr"><<a href="mailto:mbasti@redhat.com" target="_blank">mbasti@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF"><span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-">
<p><br>
</p>
<br>
<div class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745moz-cite-prefix">On
22.12.2016 10:57, Maciej
Drobniuch wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hi Martin
<div><br>
</div>
<div>Appreciate your
help!<br>
<div class="gmail_extra"><br>
<div class="gmail_quote">On
Thu, Dec 22,
2016 at 10:48
AM, Martin Basti
<span dir="ltr"><<a href="mailto:mbasti@redhat.com" target="_blank">mbasti@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF"><span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail-">
<p><br>
</p>
<br>
<div class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail-m_2550165744306535538moz-cite-prefix">On
22.12.2016
09:37, Maciej
Drobniuch
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hi
Martin
<div><br>
</div>
<div>Thank you
for reply. </div>
<div><br>
</div>
<div>1. The
dig is
returning
proper PTR
record. I've
added it
manually to
the zone and
it's working.</div>
</div>
</blockquote>
<br>
</span> I was
asking for SOA
and zone name,
IMO there is
nothing secret
about reverse
zone name from
private
address space<br>
<br>
what returns
this command
on server?<br>
python -c
'import
netaddr; from
dns import
resolver; ip =
netaddr.IPAddress("10.0.0.165"<wbr>); revn = ip.reverse_dns; print revn;
print
resolver.zone_for_name(revn)'<span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail-"><br>
<br>
<br>
</span></div>
</blockquote>
<div># python -c
'import
netaddr; from
dns import
resolver; ip =
netaddr.IPAddress("10.0.0.165"<wbr>); revn = ip.reverse_dns; print revn;
print
resolver.zone_for_name(revn)'</div>
<div>165.0.0.10.in-addr.arpa.</div>
<div>in-addr.arpa.</div>
</div>
</div>
</div>
</div>
</blockquote>
<br>
</span> It looks that
python-dns failed to find
proper zone, what is
supposed to be authoritative
zone for that record in your
system?<br>
How do your reverse zones
look?<br>
</div>
</blockquote>
<div>I have the reverse zone
added.</div>
<div>0.0.10.in-addr.arpa. </div>
<div><br>
</div>
<div>Do you know maybe how
python/ipa is determining
what's the dns server for the
internal zone? </div>
<div>As far I understood this is
not a "access rights issue".
It's a DNS PTR resolution
problem with python(ipa's
using python) ?</div>
</div>
</div>
</div>
</div>
</blockquote>
<br>
</span> It doesn't care about resolver,
python-dns is checking SOA records, it
removes labels from left and tries to find
best match zone<br>
<br>
what returns dig 0.0.10.in-addr.arpa. SOA ?
<div>
<div class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507h5"><br>
<br>
<blockquote type="cite">
<div dir="ltr">
<div>
<div class="gmail_extra">
<div class="gmail_quote">
<div><br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF"> <br>
<br>
<blockquote type="cite">
<div dir="ltr">
<div>
<div class="gmail_extra">
<div class="gmail_quote"><span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-">
<div> </div>
<div><br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF"><span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail-">
<blockquote type="cite">
<div dir="ltr">
<div>2. The
problem exists
while adding
host entries
or A records
with "create
reverse"
option.</div>
</div>
</blockquote>
</span> That's
why I asked to
run dig, the
code uses DNS
system to
determine
zone.<span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail-"><br>
<br>
<blockquote type="cite">
<div dir="ltr">
<div>3. If
I'll bind a
host with
ipa-client-install the PTR record gets created in the reverse zone and
it works</div>
</div>
</blockquote>
</span> Ok</div>
</blockquote>
<div>Manually
creating the
PTR record
works fine as
well. </div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF"><span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail-"><br>
<br>
<blockquote type="cite">
<div dir="ltr">
<div>4. The
resolv.conf
file has only
the IPA server
IP
addres/localhost
added.</div>
</div>
</blockquote>
<br>
</span> Have
you changed it
recently?</div>
</blockquote>
<div>Yes, it
pointed to
outside
8.8.8.8, so
the OS did not
see the local
reverse zone.</div>
<div>Now it's
pointing to
localhost. And
I get dig the
PTRs. (I've
manually
created the
ptr)</div>
<div><br>
</div>
</span>
<div><span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-">
<div># dig -x
10.0.0.165</div>
<div><br>
</div>
<div>;
<<>>
DiG
9.9.4-RedHat-9.9.4-38.el7_3
<<>> -x 10.0.0.165</div>
<div>;; global
options: +cmd</div>
<div>;; Got
answer:</div>
<div>;;
->>HEADER<<-
opcode: QUERY,
status:
NOERROR, id:
35592</div>
<div>;; flags:
qr aa rd ra;
QUERY: 1,
ANSWER: 1,
AUTHORITY: 1,
ADDITIONAL: 2</div>
<div><br>
</div>
<div>;; OPT
PSEUDOSECTION:</div>
</span>
<div>; E:
version: 0,
flags:; udp:
4096</div>
<span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-">
<div>;;
QUESTION
SECTION:</div>
<div>;165.0.0.10.in-addr.arpa.<span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>IN<span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>PTR</div>
<div><br>
</div>
<div>;; ANSWER
SECTION:</div>
<div>165.0.0.10.in-addr.arpa.
1200<span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>IN<span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>PTR<span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail-Apple-tab-span" style="white-space:pre-wrap"> </span><a href="http://prdfrmprb01.cs.int" target="_blank">prdfrmprb01.cs.int</a>.</div>
<div><br>
</div>
<div>;;
AUTHORITY
SECTION:</div>
<div>1.0.10.in-addr.arpa.<span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>86400<span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>IN<span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>NS<span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail-Apple-tab-span" style="white-space:pre-wrap"> </span><a href="http://freeipa1.cs.int" target="_blank">freeipa1.cs.int</a>.</div>
<div><br>
</div>
</span></div>
</div>
</div>
</div>
</div>
</blockquote>
<br>
This authority section
looks suspicious, I would
expect something like
0.0.10.in-addr.arpa.<br>
<br>
Back to question about
your reverse zones.</div>
</blockquote>
<div>I've intentionally hid
our internal ip space,
sorry, good catch my finger
has slipped :). <br>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<br>
</div>
</div>
So is the 0.0.10.in-addr.arpa. an
authoritative zone? Or what dig returned in
authority section.
<div>
<div class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507h5"><br>
<br>
<blockquote type="cite">
<div dir="ltr">
<div>
<div class="gmail_extra">
<div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF">
<div>
<div class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-h5"><br>
<br>
<span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail-Apple-tab-span" style="white-space:pre-wrap"></span>
<blockquote type="cite">
<div dir="ltr">
<div>
<div class="gmail_extra">
<div class="gmail_quote">
<div>
<div>;;
ADDITIONAL
SECTION:</div>
<div><a href="http://freeipa1.cs.int" target="_blank">freeipa1.cs.int</a>.<span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>1200<span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>IN<span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>A<span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>10.0.0.200</div>
<div><br>
</div>
<div>;; Query
time: 3 msec</div>
<div>;;
SERVER:
127.0.0.1#53(127.0.0.1)</div>
<div>;; WHEN:
czw gru 22
04:51:23 EST
2016</div>
<div>;; MSG
SIZE rcvd:
124</div>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF"><span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail-HOEnZb"><font color="#888888"><br>
<br>
Martin</font></span>
<div>
<div class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail-h5"><br>
<br>
<blockquote type="cite">
<div dir="ltr">
<div><br>
</div>
<div>Cheers!</div>
<div>M.</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On
Wed, Dec 21,
2016 at 5:43
PM, Martin
Basti <span dir="ltr"><<a href="mailto:mbasti@redhat.com" target="_blank">mbasti@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF">
<p>Hello all
:)<br>
</p>
<span> <br>
<div class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail-m_2550165744306535538m_-8076435932888776012moz-cite-prefix">On
20.12.2016
01:33, Maciej
Drobniuch
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div><span>Hi
All!</span></div>
<div><span><br>
</span></div>
<div><span>I
get the
following
message while
adding a new
hostname. </span></div>
<span>
<div><span><br>
</span></div>
"The host was
added but the
DNS update
failed with:
DNS reverse
zone
in-addr.arpa.
for IP address
10.0.0.165 is
not managed by
this server"</span><br clear="all">
</div>
</blockquote>
<br>
</span> IPA
failed to get
correct
reverse zone,
can you try
dig -x
10.0.0.165
what will be
in SOA answer?<br>
<br>
What is the
name of
reverse zone
you have on
IPA DNS
server?<span class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail-m_2550165744306535538HOEnZb"><font color="#888888"><br>
<br>
<br>
Martin</font></span><span><br>
<br>
<blockquote type="cite">
<div dir="ltr">
<div><br>
</div>
<div>The
reverse zone
is configured
and working. </div>
<div>When I am
manually
adding the PTR
record to the
reverse zone -
all OK</div>
<div><br>
</div>
<div>While
adding a new
host, the A
record is
being created
but the PTR
fails with the
message above.</div>
<div><br>
</div>
<div>Reinstalling
centos+IPA
worked once
but I had to
reinstall
again because
of problems
with
kerberos(probably
dependencies).</div>
<div><br>
</div>
<div>Not sure
what is the
root cause of
the issue.</div>
<div><br>
</div>
<div>VERSION:
4.4.0,
API_VERSION:
2.213<br>
</div>
<div><br>
</div>
<div>CENTOS7
Linux freeipa1
3.10.0-229.el7.x86_64 #1 SMP Fri Mar 6 11:36:42 UTC 2015 x86_64 x86_64
x86_64
GNU/Linux<br>
</div>
<div><br>
</div>
<div>Any help
appreciated!</div>
-- <br>
<div class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail-m_2550165744306535538m_-8076435932888776012gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">Best
regards</div>
<div dir="ltr"><br>
<div><span style="font-size:12.8px">Maciej
Drobniuch</span></div>
<div>Network
Security
Engineer</div>
<div>Collective-sense
LLC</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail-m_2550165744306535538m_-8076435932888776012mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
</span></div>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
<div class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail-m_2550165744306535538gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">Best
regards</div>
<div dir="ltr"><br>
<div><span style="font-size:12.8px">Maciej
Drobniuch</span></div>
<div>Network
Security
Engineer</div>
<div>Collective-sense
LLC</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
<div class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail-m_7579420892651053745gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">Best
regards</div>
<div dir="ltr"><br>
<div><span style="font-size:12.8px">Maciej
Drobniuch</span></div>
<div>Network
Security
Engineer</div>
<div>
<div style="font-size:12.8px">2410
Camino Ramon,
Suite 129</div>
<div style="font-size:12.8px">San
Ramon, CA
94583</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
Happy new year!<br clear="all">
<div><br>
</div>
-- <br>
<div class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507m_3619922476149010457gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">Best
regards</div>
<div dir="ltr"><br>
<div><span style="font-size:12.8px">Maciej
Drobniuch</span></div>
<div>Network
Security
Engineer</div>
<div>
<div style="font-size:small">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div>
<div style="font-size:12.8px">Collective-Sense,LLC</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
<div class="m_3655751950487541326m_-8241788620314062342m_9003651829905981507gmail_signature" data-smartmail="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">Best regards</div>
<div dir="ltr"><br>
<div><span style="font-size:12.8px">Maciej
Drobniuch</span></div>
<div>Network Security Engineer</div>
<div>
<div style="font-size:small">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div>
<div style="font-size:12.8px">Collective-Sense,LLC</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
<div class="m_3655751950487541326m_-8241788620314062342gmail_signature" data-smartmail="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">Best regards</div>
<div dir="ltr"><br>
<div><span style="font-size:12.8px">Maciej
Drobniuch</span></div>
<div>Network Security Engineer</div>
<div>
<div style="font-size:small">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div>
<div style="font-size:12.8px">Collective-Sense,LLC</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<br>
</div></div></div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="m_3655751950487541326gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">Best regards</div><div dir="ltr"><br><div><span style="font-size:12.8px">Maciej Drobniuch</span></div><div>Network Security Engineer</div><div><div style="font-size:small"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div><div style="font-size:12.8px">Collective-Sense,LLC</div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
</div>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">Best regards</div><div dir="ltr"><br><div><span style="font-size:12.8px">Maciej Drobniuch</span></div><div>Network Security Engineer</div><div><div style="font-size:small"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div><div style="font-size:12.8px">Collective-Sense,LLC</div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
</div>