[Freeipa-users] DNS resource records problem. subdomains and /16's.

Andrew Holway andrew.holway at gmail.com
Mon Oct 28 15:34:33 UTC 2013 

Forward DNS for this host is working but reverse DNS is not:

[root at freeipa ~]# dig node002.test.nsslabs.com @localhost


; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>>
node002.test.nsslabs.com @localhost

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9260

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1


;; QUESTION SECTION:

;node002.test.nsslabs.com. IN A


;; ANSWER SECTION:

node002.test.nsslabs.com. 1200 IN A 10.51.102.2


;; AUTHORITY SECTION:

test.nsslabs.com. 86400 IN NS freeipa.test.nsslabs.com.


;; ADDITIONAL SECTION:

freeipa.test.nsslabs.com. 1200 IN A 10.51.101.23


;; Query time: 0 msec

;; SERVER: 127.0.0.1#53(127.0.0.1)

;; WHEN: Mon Oct 28 04:30:28 2013

;; MSG SIZE  rcvd: 96


[root at freeipa ~]# dig 10.51.102.2 @localhost


; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> 10.51.102.2 @localhost

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 57193

;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0


;; QUESTION SECTION:

;10.51.102.2. IN A


;; AUTHORITY SECTION:

. 10800 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2013102800
1800 900 604800 86400


;; Query time: 153 msec

;; SERVER: 127.0.0.1#53(127.0.0.1)

;; WHEN: Mon Oct 28 04:30:39 2013

;; MSG SIZE  rcvd: 104


On 28 October 2013 15:33, Andrew Holway <andrew.holway at gmail.com> wrote:
> Here is some info from FreeIPA . . .
>
> [root at freeipa ~]# ipa host-show
>
> Host name: node002.test.nsslabs.com
>
>   Host name: node002.test.nsslabs.com
>
>   Certificate: MIIDrzCCApegAwIBAgIBETANBgkqhkiG9w0BAQsFADA7MRkwFwYDVQQKExBURVNULk5TU0xBQlMuQ09NMR4wHAYDVQQDExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMTMxMDI4MDkwMDAxWhcNMTUxMDI5MDkwMDAxWjA+MRkwFwYDVQQKExBURVNULk5TU0xBQlMuQ09NMSEwHwYDVQQDExhub2RlMDAyLnRlc3QubnNzbGFicy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBNjwG219iSyJ7f8TVjoIUN8Wtk3WfaCTEW43d534UDCsC4e5pd/dsOqsCk+NqVf6u6SA80ZFnZp/z7ULoY9rm/+IRBY2M/ofu8PHVZ2wu33/4RhW9FXORh51rSaklefs3ZAgo+Ra2aiEdsm4vSk4+0f3dUnbtoqg6bkK0NHjUEkof/7EyM+WLhXUIfXnyFFu3gnHzqntX/SbybgtG8AuDSkm07LLnbY354u28OPE+DLaGgYPqZmuvdHVAEWu8i2uCywOyf3yHuFA59UjZclb7IQZ0qvm8GUUJjidFOfmgBSueyTUs+JvojYu2Z+roqwJpFY60oiSwMQw3fuHh/UqFAgMBAAGjgbowgbcwHwYDVR0jBBgwFoAUxjS+P9INb5f52vII8K8H9v8NqaUwRgYIKwYBBQUHAQEEOjA4MDYGCCsGAQUFBzABhipodHRwOi8vZnJlZWlwYS50ZXN0Lm5zc2xhYnMuY29tOjgwL2NhL29jc3AwDgYDVR0PAQH/BAQDAgTwMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUt6Eh8e4si95/Q/CbzbbAB5cESVUwDQYJKoZIhvcNAQELBQADggEBAK5OQe2jPdzTJZTizgLE8AMSlw9NWVCY0bLh4HbbIhazFo++FOlArRf8AfwukmFdv97JEy3wDWDccxQXBC+8/tmIP3TeILcLAwEmdmSynKXOvhQ97+EGNmQRO9uXLo1C5ognxUiDbjmXYWkMRjJFLzBvqbA4veRekgvS27faZa0lTTxygk2hrbcMyVN6MHGLdX07EMgSa6IkIUZ+TdLZwMep9IK6CtoJelTjDP0JIy3n5DBVzJ+C0GZ0XUyUE6vXFcpuvyGY4ckQHf1sEbWFcRmJsxsweAgGwol2GJAWa7vZJlTVJZOMgV8fO0aK0Y8kl/KHN+ycxWFQyxZ3njDPn6g=
>
>   Principal name: host/node002.test.nsslabs.com at TEST.NSSLABS.COM
>
>   Password: False
>
>   Keytab: True
>
>   Managed by: node002.test.nsslabs.com
>
>   Subject: CN=node002.test.nsslabs.com,O=TEST.NSSLABS.COM
>
>   Serial Number: 17
>
>   Serial Number (hex): 0x11
>
>   Issuer: CN=Certificate Authority,O=TEST.NSSLABS.COM
>
>   Not Before: Mon Oct 28 09:00:01 2013 UTC
>
>   Not After: Thu Oct 29 09:00:01 2015 UTC
>
>   Fingerprint (MD5): d4:d7:fa:14:31:0a:71:70:c9:62:43:65:ab:c5:09:93
>
>   Fingerprint (SHA1):
> d2:72:8d:20:4b:c7:e5:a8:2d:bc:f9:e7:ca:c0:9b:f5:d9:53:c6:74
>
>   SSH public key fingerprint:
> 28:24:23:6C:6D:42:22:8A:38:10:C8:00:5B:11:43:F4 (ssh-dss),
> 43:3E:0A:E3:17:26:89:8B:6E:D3:66:FA:67:6D:CA:76 (ssh-
>
>                               rsa)
>
> [root at freeipa ~]# ipa host-show
>
> Host name: node001.swim1.test.nsslabs.com
>
>   Host name: node001.swim1.test.nsslabs.com
>
>   Certificate: MIIDtTCCAp2gAwIBAgIBEDANBgkqhkiG9w0BAQsFADA7MRkwFwYDVQQKExBURVNULk5TU0xBQlMuQ09NMR4wHAYDVQQDExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMTMxMDI4MDg1MjM0WhcNMTUxMDI5MDg1MjM0WjBEMRkwFwYDVQQKExBURVNULk5TU0xBQlMuQ09NMScwJQYDVQQDEx5ub2RlMDAxLnN3aW0xLnRlc3QubnNzbGFicy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyLPK9JKLZLuDoecKehT9MZnBeaJqHzF6nC+JhXd6wf5Kcy7WyVCVgWxchnvMo0x0CPN5mRDfHUpsT3MRILmRl/0OGgPft4Tl5X27kwfORT3/YPQVohclR2xS3RRZUTsuPlY6L2If02DL6wauWKzfVxASHB43JKLoTOA5GnM9CBGirs6R3yiNW0ow41kKslM6mwAXCwh7bSMRmBd43T3bvtFGLAMqKzn4t+v0ezaFSRvXeVPUeK4Mt8ZhzQ/FwMVW2HT3og2TBgIbCnk/U6R1Syyic7OvNWiODXHoepcQgYXv/G3kt2bqqyO7JJZkznGskF8TRQga1rnpHs1bYkGEFAgMBAAGjgbowgbcwHwYDVR0jBBgwFoAUxjS+P9INb5f52vII8K8H9v8NqaUwRgYIKwYBBQUHAQEEOjA4MDYGCCsGAQUFBzABhipodHRwOi8vZnJlZWlwYS50ZXN0Lm5zc2xhYnMuY29tOjgwL2NhL29jc3AwDgYDVR0PAQH/BAQDAgTwMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUAKXs8vW7guBvh0XhWUXS26j2zJswDQYJKoZIhvcNAQELBQADggEBAJWW5ZFYGEtGLxhBeutryfMpU/R83/zxpgG6TpvJS/v4ODANLLz+cqN8J9Ogna/wnprrYleUuhxgAvYVIyYInpt+N765g2fKMDlS1CCrfxt4F8wgG7WpN4ZzcE7roa5pYa7CP9DRupXyZfUjbFxCbYixS3zV/CU9lddlt9OJWRnPksbr6jKVAfStWnL9e5DVbOeXSuQwIbDScRLkVL7Po/z1eZATZsAMtdOLhciTId157k9hxOPn1DCyh31Z70JiXFiVL+FazljxzMMyfPCdsvKKHhjTednMBgfwRqtBtA/Hf7LjjWqiaR12y0qOQyNmZ8ylu+1sxRqUv78t6ljVRvc=
>
>   Principal name: host/node001.swim1.test.nsslabs.com at TEST.NSSLABS.COM
>
>   Password: False
>
>   Keytab: True
>
>   Managed by: node001.swim1.test.nsslabs.com
>
>   Subject: CN=node001.swim1.test.nsslabs.com,O=TEST.NSSLABS.COM
>
>   Serial Number: 16
>
>   Serial Number (hex): 0x10
>
>   Issuer: CN=Certificate Authority,O=TEST.NSSLABS.COM
>
>   Not Before: Mon Oct 28 08:52:34 2013 UTC
>
>   Not After: Thu Oct 29 08:52:34 2015 UTC
>
>   Fingerprint (MD5): ef:7f:11:54:a4:99:3c:58:f9:c8:5f:1c:2f:8e:a0:a3
>
>   Fingerprint (SHA1):
> 87:2b:37:e0:c8:7b:54:62:a1:6f:ae:fa:7b:2a:f6:a4:3a:c6:5c:c4
>
>   SSH public key fingerprint:
> B8:44:2F:2E:DC:4E:BF:BE:15:00:25:80:3B:A9:1D:5E (ssh-dss),
> 05:11:9B:EE:D0:7A:BA:9D:BA:48:18:82:84:8F:25:82 (ssh-rsa)
>
> On 28 October 2013 15:20, Rob Crittenden <rcritten at redhat.com> wrote:
>> Andrew Holway wrote:
>>>
>>> Hello,
>>>
>>> I have created two DNS resource records. 51.10.in-addr.arpa. and
>>> test.domain.com. It seems that it does not like to use the
>>> 51.10.in-addr.arpa. for addresses. Must I specify each /24? In
>>> addition, if I am adding a host node.subdomain.test.nsslabs.com. It
>>> does not like this either. Must I specify a record for each subdomain?
>>> Am I missing a * somewhere?
>>
>>
>> Can you be more specific about what you're seeing?
>>
>> rob
>>

More information about the Freeipa-users mailing list