[Freeipa-users] DNS configuration

Petr Spacek pspacek at redhat.com
Tue Dec 2 16:58:29 UTC 2014


On 2.12.2014 17:36, Martin Basti wrote:
> On 02/12/14 17:28, Matthew Herzog wrote:
>> I just realized that my IPA servers cannot resolve ANY servers in my domain.
>> What do I need to do to fix this? Below is my named.conf.
>>
>>
>> options {
>>         // turns on IPv6 for port 53, IPv4 is on by default for all ifaces
>>         listen-on-v6 {any;};
>>
>>         // Put files that named is allowed to write in the data/ directory:
>>         directory "/var/named"; // the default
>>         dump-file               "data/cache_dump.db";
>>         statistics-file         "data/named_stats.txt";
>>         memstatistics-file  "data/named_mem_stats.txt";
>>
>>         forward first;
>>         forwarders {
>>                 10.100.8.41;
>>                 10.100.8.40;
>>                 10.100.4.13;
>>                 10.100.4.14;
>>                 10.100.4.19;
>>                 10.100.4.44;
>>         };
>>
>>         // Any host is permitted to issue recursive queries
>>         allow-recursion { any; };
>>
>>         tkey-gssapi-keytab "/etc/named.keytab";
>>         pid-file "/run/named/named.pid";
>> };
>>
>> /* If you want to enable debugging, eg. using the 'rndc trace' command,
>>  * By default, SELinux policy does not allow named to modify the /var/named directory,
>>  * so put the default debug log file in data/ :
>>  */
>> logging {
>>         channel default_debug {
>>                 file "data/named.run";
>>                 severity dynamic;
>>                 print-time yes;
>>         };
>>         };
>> };
>>
>> zone "." IN {
>>         type hint;
>>         file "named.ca";
>> };
>>
>> include "/etc/named.rfc1912.zones";
>>
>> dynamic-db "ipa" {
>>         library "ldap.so";
>>         arg "uri ldapi://%2fvar%2frun%2fslapd-BO3-E-BOZO-COM.socket";
>>         arg "base cn=dns, dc=bo3,dc=e-bozo,dc=com";
>>         arg "fake_mname freeipa-poc01.bo3.e-bozo.com.";
>>         arg "auth_method sasl";
>>         arg "sasl_mech GSSAPI";
>>         arg "sasl_user DNS/freeipa-poc01.bo3.e-bozo.com";
>>         arg "serial_autoincrement yes";
>> };
>>
> Hello,
> 
> Which version of IPA do you use? Which platform? Which version of bind-dyndb-ldap?
> 
> Can you run these commands and check if there are any errors?
> ipactl status
> systemctl status named  (respectively journalctl -u named)

We may also want to see the information listed on the page
https://fedorahosted.org/bind-dyndb-ldap/wiki/BugReporting

-- 
Petr^2 Spacek
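Added example (not code from this thread, nor from the FreeIPA or bind-dyndb-ldap projects): before asking named to load a config like the one quoted above, the two structural checks a practitioner would want are that every `{` has a matching `}` and that `allow-recursion { any; };` is not exposing a server reachable from untrusted networks as an open recursive resolver. The quoted config's logging block ends with three `};` for two opened blocks, which named's parser rejects as a syntax error; the script below finds that kind of mismatch and reports its line. The sample config is constructed here and only reproduces the shape of the quoted options and logging blocks (the IP addresses and `any` ACL come from the quoted file; the file name and line numbers are the example's own). On a real server run `named-checkconf` on the actual file; this script shows what to look for, not a replacement for it.

```python
"""Minimal structural lint for a BIND named.conf (added example, not project code)."""
import re

# Constructed sample: shape of the quoted options block plus the logging block
# with its extra `};` at the end.  A brace inside a comment is included on purpose.
SAMPLE_CONF = """\
options {
        listen-on-v6 {any;};
        directory "/var/named";
        forward first;
        forwarders { 10.100.8.41; 10.100.8.40; };
        // Any host is permitted to issue recursive queries
        allow-recursion { any; };
};

/* block comment with a brace } inside, which must be ignored */
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
        };
};
"""


def strip_comments(text):
    """Blank out quoted strings and remove /* */, // and # comments.

    Newlines are preserved so that line numbers reported later match the file.
    Strings are blanked first because a URI such as ldapi://... inside quotes
    must not be mistaken for a // comment, and a brace inside a file name is legal.
    """
    text = re.sub(r'"[^"\n]*"', lambda m: " " * len(m.group(0)), text)
    text = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group(0).count("\n"), text, flags=re.S)
    text = re.sub(r"(//|#)[^\n]*", "", text)
    return text


def check_braces(text):
    """Return a list of (line, message) for unbalanced braces; [] means balanced."""
    problems = []
    open_lines = []  # line numbers of currently open '{'
    for lineno, line in enumerate(strip_comments(text).splitlines(), 1):
        for ch in line:
            if ch == "{":
                open_lines.append(lineno)
            elif ch == "}":
                if open_lines:
                    open_lines.pop()
                else:
                    problems.append((lineno, "unexpected '}' with no open block"))
    for lineno in open_lines:
        problems.append((lineno, "block opened here is never closed"))
    return problems


def open_recursion_lines(text):
    """Line numbers of allow-recursion statements whose ACL contains 'any'."""
    stripped = strip_comments(text)
    hits = []
    for m in re.finditer(r"allow-recursion\s*\{([^}]*)\}", stripped):
        if "any" in re.split(r"[\s;]+", m.group(1)):
            hits.append(stripped.count("\n", 0, m.start()) + 1)
    return hits


def lint(text):
    """Human-readable findings for a config text, in line order."""
    findings = [(line, msg) for line, msg in check_braces(text)]
    findings += [(line, "allow-recursion { any; } makes this an open resolver if reachable from untrusted networks")
                 for line in open_recursion_lines(text)]
    return ["line %d: %s" % (line, msg) for line, msg in sorted(findings)]


if __name__ == "__main__":
    for finding in lint(SAMPLE_CONF):
        print(finding)
```

The brace check is deliberately dumb: it knows nothing about BIND statements, only about strings, comments and braces, which is exactly the class of error (a stray `};` left after hand-editing) that makes named refuse to start and takes resolution down with it. The `allow-recursion` check only matches a single-line ACL; a multi-line ACL or a named `acl` block would need the ACL expanded first.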