[Freeipa-users] 3.0 beta1 install on Fedora 17 - No DNS Zones

Rob Crittenden rcritten at redhat.com
Thu Jul 26 13:28:01 UTC 2012


Michael Mercier wrote:
> Hello,
>
> I have installed FreeIPA 3.0 beta 1 on Fedora 17, and added a Fedora 17 client.
>
> I do not have anything under the Identity -> DNS tab (i.e. no DNS zones)
>
> I did the following when installing:
>
>
> On the server:
> [root@ipaserver ~]#ipa-server-install
> -- oops forgot to include DNS
> [root@ipaserver ~]#ipa-server-install --uninstall -U
> [root@ipaserver ~]#ipa-server-install --setup-dns --no-forwarders
> -- at some point the installer prompted with a message that a named.conf already existed, overwrite?
> -- I chose yes
> [root@ipaserver ~]# cd /var/named/
> [root@ipaserver named]# ls
> data  dynamic  named.ca  named.empty  named.localhost  named.loopback  slaves
> [root@ipaserver named]# find .
> .
> ./named.loopback
> ./named.empty
> ./slaves
> ./named.localhost
> ./data
> ./data/named.run
> ./dynamic
> ./named.ca
> [root@ipaserver named]# cat /etc/named.conf
> options {
> 	// turns on IPv6 for port 53, IPv4 is on by default for all ifaces
> 	listen-on-v6 {any;};
>
> 	// Put files that named is allowed to write in the data/ directory:
> 	directory "/var/named"; // the default
> 	dump-file		"data/cache_dump.db";
> 	statistics-file		"data/named_stats.txt";
> 	memstatistics-file	"data/named_mem_stats.txt";
>
> 	forward first;
> 	forwarders { };
>
> 	// Any host is permitted to issue recursive queries
> 	allow-recursion { any; };
>
> 	tkey-gssapi-credential "DNS/ipaserver.beta.local";
> 	tkey-domain "BETA.LOCAL";
> };
>
> /* If you want to enable debugging, eg. using the 'rndc trace' command,
>   * By default, SELinux policy does not allow named to modify the /var/named directory,
>   * so put the default debug log file in data/ :
>   */
> logging {
> 	channel default_debug {
> 		file "data/named.run";
> 		severity dynamic;
> 	};
> };
>
> zone "." IN {
> 	type hint;
> 	file "named.ca";
> };
>
> include "/etc/named.rfc1912.zones";
>
> dynamic-db "ipa" {
> 	library "ldap.so";
> 	arg "uri ldapi://%2fvar%2frun%2fslapd-BETA-LOCAL.socket";
> 	arg "base cn=dns, dc=beta,dc=local";
> 	arg "fake_mname ipaserver.beta.local.";
> 	arg "auth_method sasl";
> 	arg "sasl_mech GSSAPI";
> 	arg "sasl_user DNS/ipaserver.beta.local";
> 	arg "zone_refresh 0";
> 	arg "psearch yes";
> };
>
> [root@ipaserver ~]# ifconfig eth0
> eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
>          inet 172.16.112.10  netmask 255.255.255.0  broadcast 172.16.112.255
>          inet6 fe80::20c:29ff:fe56:53bd  prefixlen 64  scopeid 0x20<link>
>          ether 00:0c:29:56:53:bd  txqueuelen 1000  (Ethernet)
>          RX packets 33531  bytes 24153141 (23.0 MiB)
>          RX errors 0  dropped 0  overruns 0  frame 0
>          TX packets 30428  bytes 17489346 (16.6 MiB)
>          TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>
>
> On the client:
> [root@ipaclient ~]#ipa-client-install --enable-dns-updates
> [root@ipaclient ~]# ifconfig eth0
> eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
>          inet 172.16.112.11  netmask 255.255.255.0  broadcast 172.16.112.255
>          inet6 fe80::20c:29ff:fed4:9724  prefixlen 64  scopeid 0x20<link>
>          ether 00:0c:29:d4:97:24  txqueuelen 1000  (Ethernet)
>          RX packets 23591  bytes 24965586 (23.8 MiB)
>          RX errors 0  dropped 0  overruns 0  frame 0
>          TX packets 12756  bytes 1274305 (1.2 MiB)
>          TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>
> [root@ipaclient ~]# nslookup ipaclient
> Server:		172.16.112.10
> Address:	172.16.112.10#53
>
> Name:	ipaclient.beta.local
> Address: 172.16.112.11
>
> [root@ipaclient ~]# nslookup ipaserver
> Server:		172.16.112.10
> Address:	172.16.112.10#53
>
> Name:	ipaserver.beta.local
> Address: 172.16.112.10
> [root@ipaclient ~]# ipa dnszone-show beta.local
> ipa: ERROR: beta.local: DNS zone not found
> [root@ipaclient ~]# ipa dns-resolve ipaserver.beta.local
> -----------------------------
> Found 'ipaserver.beta.local.'
> -----------------------------
> [root@ipaclient ~]# ipa dnsconfig-show
> ---------------------------------
> Global DNS configuration is empty
> ---------------------------------
>
> Any pointers?
>
> Thanks,
> Mike

I'd be curious what ipa dnszone-find returns.

rob



