[Freeipa-users] DNS configuration

Matthew Herzog matthew.herzog at gmail.com
Tue Dec 2 16:43:41 UTC 2014


I'm using freeipa 3.3.3 on Oracle Linux 7.
I have bind-dyndb-ldap-3.5-4.el7.x86_64 installed.

ipactl status:
Directory Service: RUNNING
krb5kdc Service: RUNNING
kadmin Service: RUNNING
named Service: RUNNING
ipa_memcached Service: RUNNING
httpd Service: RUNNING
pki-tomcatd Service: RUNNING
smb Service: RUNNING
winbind Service: RUNNING
ipa-otpd Service: RUNNING
ipa: INFO: The ipactl command was successful


systemctl status named:
Dec 02 11:08:50 freeipa-poc01.bo3.e-bozo.com named[27495]: zone
bo3.e-bozo.com/IN: loaded serial 1417535679
Dec 02 11:08:50 freeipa-poc01.bo3.e-bozo.com named[27495]: zone
1.0.0.127.in-addr.arpa/IN: loaded serial 0
Dec 02 11:08:50 freeipa-poc01.bo3.e-bozo.com named[27495]: zone
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN:
loaded serial 0
Dec 02 11:08:50 freeipa-poc01.bo3.e-bozo.com named[27495]: zone
localhost/IN: loaded serial 0
Dec 02 11:08:50 freeipa-poc01.bo3.e-bozo.com named[27495]: zone
localhost.localdomain/IN: loaded serial 0
Dec 02 11:08:50 freeipa-poc01.bo3.e-bozo.com named[27495]: all zones loaded
Dec 02 11:08:50 freeipa-poc01.bo3.e-bozo.com named[27495]: running
Dec 02 11:08:50 freeipa-poc01.bo3.e-bozo.com systemd[1]: Started Berkeley
Internet Name Domain (DNS).
Dec 02 11:08:50 freeipa-poc01.bo3.e-bozo.com named[27495]: zone
4.100.10.in-addr.arpa/IN: loaded serial 1417535679
Dec 02 11:08:50 freeipa-poc01.bo3.e-bozo.com named[27495]: zone
e-bozo.com/IN: loaded serial 1417535679




On Tue, Dec 2, 2014 at 11:36 AM, Martin Basti <mbasti at redhat.com> wrote:

>  On 02/12/14 17:28, Matthew Herzog wrote:
>
> I just realized that my IPA servers cannot resolve ANY servers in my
> domain. What do I need to do to fix this? Below is my named.conf.
>
>
>  options {
>         // turns on IPv6 for port 53, IPv4 is on by default for all ifaces
>         listen-on-v6 {any;};
>
>          // Put files that named is allowed to write in the data/
> directory:
>         directory "/var/named"; // the default
>         dump-file               "data/cache_dump.db";
>         statistics-file         "data/named_stats.txt";
>         memstatistics-file      "data/named_mem_stats.txt";
>
>          forward first;
>         forwarders {
>                 10.100.8.41;
>                 10.100.8.40;
>                 10.100.4.13;
>                 10.100.4.14;
>                 10.100.4.19;
>                 10.100.4.44;
>         };
>
>          // Any host is permitted to issue recursive queries
>         allow-recursion { any; };
>
>          tkey-gssapi-keytab "/etc/named.keytab";
>         pid-file "/run/named/named.pid";
> };
>
>  /* If you want to enable debugging, eg. using the 'rndc trace' command,
>  * By default, SELinux policy does not allow named to modify the
> /var/named directory,
>  * so put the default debug log file in data/ :
>  */
> logging {
>         channel default_debug {
>                 file "data/named.run";
>                 severity dynamic;
>                 print-time yes;
>         };
>          };
> };
>
>  zone "." IN {
>         type hint;
>         file "named.ca";
> };
>
>  include "/etc/named.rfc1912.zones";
>
>  dynamic-db "ipa" {
>         library "ldap.so";
>         arg "uri ldapi://%2fvar%2frun%2fslapd-BO3-E-BOZO-COM.socket";
>         arg "base cn=dns, dc=bo3,dc=e-bozo,dc=com";
>         arg "fake_mname freeipa-poc01.bo3.e-bozo.com.";
>         arg "auth_method sasl";
>         arg "sasl_mech GSSAPI";
>         arg "sasl_user DNS/freeipa-poc01.bo3.e-bozo.com";
>         arg "serial_autoincrement yes";
> };
>
>
>
>
>    Hello,
>
> which version ipa do you use? which platform? Which version
> bind-dyndb-ldap?
>
> Can you run these commands, and check if there any errors?
> ipactl status
> systemctl status named  (respectively journalctl -u named)
>
> --
> Martin Basti
>
>


-- 
If life gives you melons, you may be dyslexic.
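The thread's diagnostic steps (ipactl status, systemctl status named, and reading the options block of named.conf) can be turned into a small offline check. The script below is an added example for this thread, not code from the list, from FreeIPA or from bind-dyndb-ldap. It embeds the journal lines and a trimmed copy of the named.conf options block quoted above as constructed sample strings, re-joins the mail-wrapped journal records, lists which zones named reported as loaded from LDAP, and reports the settings a reviewer would look at first: whether the domain in question is covered by a loaded zone (in which case named answers it authoritatively and the forwarders play no part), and whether `allow-recursion { any; }` leaves the server as an open recursive resolver. The resolv.conf hint in the findings is the author's assumption about the usual next check, not a conclusion the thread reached.

```python
import re

# Constructed sample input: the journal records Matthew posted (as wrapped by the mail
# client) and a trimmed version of the quoted named.conf options block.
JOURNAL = """\
Dec 02 11:08:50 freeipa-poc01.bo3.e-bozo.com named[27495]: zone
bo3.e-bozo.com/IN: loaded serial 1417535679
Dec 02 11:08:50 freeipa-poc01.bo3.e-bozo.com named[27495]: zone
1.0.0.127.in-addr.arpa/IN: loaded serial 0
Dec 02 11:08:50 freeipa-poc01.bo3.e-bozo.com named[27495]: all zones loaded
Dec 02 11:08:50 freeipa-poc01.bo3.e-bozo.com named[27495]: running
Dec 02 11:08:50 freeipa-poc01.bo3.e-bozo.com systemd[1]: Started Berkeley
Internet Name Domain (DNS).
Dec 02 11:08:50 freeipa-poc01.bo3.e-bozo.com named[27495]: zone
4.100.10.in-addr.arpa/IN: loaded serial 1417535679
Dec 02 11:08:50 freeipa-poc01.bo3.e-bozo.com named[27495]: zone
e-bozo.com/IN: loaded serial 1417535679
"""

NAMED_CONF = """\
options {
        listen-on-v6 {any;};
        directory "/var/named"; // the default
        forward first;
        forwarders {
                10.100.8.41;
                10.100.8.40;
        };
        // Any host is permitted to issue recursive queries
        allow-recursion { any; };
};
"""

TIMESTAMP_RE = re.compile(r"^[A-Z][a-z]{2} \d{2} \d{2}:\d{2}:\d{2} ")
ZONE_RE = re.compile(r"named\[\d+\]: zone (\S+)/IN: loaded serial (\d+)")


def unwrap_journal(text):
    """Re-join journal records that a mail client wrapped onto two lines.
    A line without a syslog-style timestamp continues the previous record."""
    records = []
    for line in text.splitlines():
        if TIMESTAMP_RE.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line.strip()
    return records


def loaded_zones(text):
    """Map each zone that named reported as loaded to its serial number."""
    zones = {}
    for rec in unwrap_journal(text):
        m = ZONE_RE.search(rec)
        if m:
            zones[m.group(1).lower()] = int(m.group(2))
    return zones


def _strip_comments(conf):
    # Drop /* */ blocks and // comments; a // preceded by ':' (as in ldapi://) is kept.
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(?m)(^|\s)//[^\n]*", "", conf)


def _list_body(match):
    return [item.strip() for item in match.group(1).split(";") if item.strip()]


def parse_options(conf):
    """Pull the forwarding and recursion settings out of a named.conf text."""
    conf = _strip_comments(conf)
    opts = {"forward": None, "forwarders": [], "allow_recursion": []}
    m = re.search(r"\bforward\s+(first|only)\s*;", conf)
    if m:
        opts["forward"] = m.group(1)
    m = re.search(r"\bforwarders\s*\{([^}]*)\}", conf)
    if m:
        opts["forwarders"] = _list_body(m)
    m = re.search(r"\ballow-recursion\s*\{([^}]*)\}", conf)
    if m:
        opts["allow_recursion"] = _list_body(m)
    return opts


def diagnose(name, conf, journal):
    """Return findings for `name`, a host or domain the IPA server should resolve."""
    findings = []
    zones = loaded_zones(journal)
    opts = parse_options(conf)
    labels = name.lower().rstrip(".").split(".")
    # Closest enclosing zone that named loaded, e.g. bo3.e-bozo.com for a host in bo3.
    serving = next((".".join(labels[i:]) for i in range(len(labels))
                    if ".".join(labels[i:]) in zones), None)
    if serving is None:
        findings.append("no loaded zone covers %s: confirm bind-dyndb-ldap loaded it "
                        "from LDAP (journalctl -u named)" % name)
    else:
        findings.append("%s is covered by zone %s (serial %d): named answers it "
                        "authoritatively and the forwarders are not consulted; verify "
                        "/etc/resolv.conf on the IPA server lists the server itself"
                        % (name, serving, zones[serving]))
    if opts["forward"] and not opts["forwarders"]:
        findings.append("forward %s is set but no forwarders are listed" % opts["forward"])
    if "any" in opts["allow_recursion"]:
        findings.append("allow-recursion { any; } makes this an open recursive resolver; "
                        "restrict it to the client networks that need recursion")
    return findings


if __name__ == "__main__":
    for line in diagnose("freeipa-poc01.bo3.e-bozo.com", NAMED_CONF, JOURNAL):
        print("-", line)
```

Run against the thread's data, the check shows that both bo3.e-bozo.com and e-bozo.com were loaded from LDAP, so "cannot resolve any servers in my domain" is not a zone-loading failure; the next things to look at are which resolver the IPA server itself queries and the open `allow-recursion` setting.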