[Freeipa-users] reverse DNS and replicas

Brett Foster fosterb at edgeandvertex.org
Wed Nov 6 07:38:48 UTC 2013


Of course, as soon as I send this I notice the --no-host-dns. Figures.


On Tue, Nov 5, 2013 at 11:33 PM, Brett Foster <fosterb at edgeandvertex.org> wrote:

> Alright -- I'm stumped. What is the motivation for requiring reverse
> lookups for replicas? Is there a way to turn the check off? Other ideas?
>
> Here's what I got:
>
> I set up freeipa server and client. The systems are connected over OpenVPN
> to create a private network between clients and server (10.5.x.x). Traffic
> to 10.5.0.x subset is routed over VPN; otherwise traffic uses the local
> network connection (including DNS servers provided over DHCP).
>
> For better or worse, I found myself exposing the internal addresses via
> the public interface of the FreeIPA server. This, however, makes it
> impossible to do the reverse lookup of internal servers.
>
> Clients and freeipa server appear to be happy with this arrangement.
> Replica not so much.
>
> FreeIPA Server: 10.5.0.1
> FreeIPA Replica: 10.5.0.2
> Client 1: 10.5.0.3
> Client 2: 10.5.0.4
> and so on...
>
> Error:
> 2013-11-06T06:53:41Z DEBUG Check reverse address of 10.5.0.1
> 2013-11-06T06:53:46Z DEBUG Check failed: [Errno 1] Unknown host
> 2013-11-06T06:53:46Z DEBUG The ipa-replica-install command failed,
> exception: HostReverseLookupError: Unable to resolve the reverse ip
> address, check /etc/hosts or DNS name resolution
>
> Brett
>