[Freeipa-users] DNS configuration
Martin Basti
mbasti at redhat.com
Tue Dec 2 16:36:46 UTC 2014
On 02/12/14 17:28, Matthew Herzog wrote:
> I just realized that my IPA servers cannot resolve ANY servers in my
> domain. What do I need to do to fix this? Below is my named.conf.
>
>
> options {
> // turns on IPv6 for port 53, IPv4 is on by default for all ifaces
> listen-on-v6 {any;};
>
> // Put files that named is allowed to write in the data/ directory:
> directory "/var/named"; // the default
> dump-file "data/cache_dump.db";
> statistics-file "data/named_stats.txt";
> memstatistics-file "data/named_mem_stats.txt";
>
> forward first;
> forwarders {
> 10.100.8.41;
> 10.100.8.40;
> 10.100.4.13;
> 10.100.4.14;
> 10.100.4.19;
> 10.100.4.44;
> };
>
> // Any host is permitted to issue recursive queries
> allow-recursion { any; };
>
> tkey-gssapi-keytab "/etc/named.keytab";
> pid-file "/run/named/named.pid";
> };
>
> /* If you want to enable debugging, eg. using the 'rndc trace' command,
> * By default, SELinux policy does not allow named to modify the /var/named directory,
> * so put the default debug log file in data/ :
> */
> logging {
> channel default_debug {
> file "data/named.run";
> severity dynamic;
> print-time yes;
> };
> };
> };
>
> zone "." IN {
> type hint;
> file "named.ca";
> };
>
> include "/etc/named.rfc1912.zones";
>
> dynamic-db "ipa" {
> library "ldap.so";
> arg "uri ldapi://%2fvar%2frun%2fslapd-BO3-E-BOZO-COM.socket";
> arg "base cn=dns, dc=bo3,dc=e-bozo,dc=com";
> arg "fake_mname freeipa-poc01.bo3.e-bozo.com.";
> arg "auth_method sasl";
> arg "sasl_mech GSSAPI";
> arg "sasl_user DNS/freeipa-poc01.bo3.e-bozo.com";
> arg "serial_autoincrement yes";
> };
>
>
>
>
Hello,
Which version of IPA do you use? Which platform? Which version of bind-dyndb-ldap?
Can you run these commands and check if there are any errors?
ipactl status
systemctl status named (respectively journalctl -u named)
--
Martin Basti