[Freeipa-users] DNS configuration
Matthew Herzog
matthew.herzog at gmail.com
Wed Dec 3 01:54:12 UTC 2014
Any other ideas? I just spun up a new VM and took the defaults on
everything while running ipa-server-install (the defaults did make sense)
and my new VM can't resolve -anything- in the domain in which it lives. The
"old" VM (running the same versions of everything on the same OS) can't
even resolve the clients I have registered with it!
So I'm pretty frustrated and am wondering, what _exactly_ is the role of
bind in the IPA server and how is it expected to know anything about the
local DNS domain without becoming a bind slave server?
Thanks.
On Tue, Dec 2, 2014 at 11:58 AM, Petr Spacek <pspacek at redhat.com> wrote:
> On 2.12.2014 17:36, Martin Basti wrote:
> > On 02/12/14 17:28, Matthew Herzog wrote:
> >> I just realized that my IPA servers cannot resolve ANY servers in my
> >> domain. What do I need to do to fix this? Below is my named.conf.
> >>
> >>
> >> options {
> >>     // turns on IPv6 for port 53, IPv4 is on by default for all ifaces
> >>     listen-on-v6 {any;};
> >>
> >>     // Put files that named is allowed to write in the data/ directory:
> >>     directory "/var/named"; // the default
> >>     dump-file "data/cache_dump.db";
> >>     statistics-file "data/named_stats.txt";
> >>     memstatistics-file "data/named_mem_stats.txt";
> >>
> >>     forward first;
> >>     forwarders {
> >>         10.100.8.41;
> >>         10.100.8.40;
> >>         10.100.4.13;
> >>         10.100.4.14;
> >>         10.100.4.19;
> >>         10.100.4.44;
> >>     };
> >>
> >>     // Any host is permitted to issue recursive queries
> >>     allow-recursion { any; };
> >>
> >>     tkey-gssapi-keytab "/etc/named.keytab";
> >>     pid-file "/run/named/named.pid";
> >> };
> >>
> >> /* If you want to enable debugging, eg. using the 'rndc trace' command,
> >>  * By default, SELinux policy does not allow named to modify the /var/named directory,
> >>  * so put the default debug log file in data/ :
> >>  */
> >> logging {
> >>     channel default_debug {
> >>         file "data/named.run";
> >>         severity dynamic;
> >>         print-time yes;
> >>     };
> >> };
> >>
> >> zone "." IN {
> >>     type hint;
> >>     file "named.ca";
> >> };
> >>
> >> include "/etc/named.rfc1912.zones";
> >>
> >> dynamic-db "ipa" {
> >>     library "ldap.so";
> >>     arg "uri ldapi://%2fvar%2frun%2fslapd-BO3-E-BOZO-COM.socket";
> >>     arg "base cn=dns, dc=bo3,dc=e-bozo,dc=com";
> >>     arg "fake_mname freeipa-poc01.bo3.e-bozo.com.";
> >>     arg "auth_method sasl";
> >>     arg "sasl_mech GSSAPI";
> >>     arg "sasl_user DNS/freeipa-poc01.bo3.e-bozo.com";
> >>     arg "serial_autoincrement yes";
> >> };
> >>
> > Hello,
> >
> > Which version of IPA do you use? Which platform? Which version of
> > bind-dyndb-ldap?
> >
> > Can you run these commands and check if there are any errors?
> > ipactl status
> > systemctl status named (or journalctl -u named)
>
> We also may want to see information listed on page
> https://fedorahosted.org/bind-dyndb-ldap/wiki/BugReporting
>
> --
> Petr^2 Spacek
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go To http://freeipa.org for more info on the project
>
--
If life gives you melons, you may be dyslexic.
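Added example for this thread (not code from the thread, from FreeIPA or from bind-dyndb-ldap): a small Python checker that parses the options, zone and dynamic-db blocks of a named.conf like the one posted above and reports the three facts that matter when named answers nothing for the IPA domain. The dynamic-db "ipa" block is bind-dyndb-ldap: it lets named serve the zones stored under cn=dns in the IPA directory, read over the local ldapi socket with the DNS/ service keytab, so the server is authoritative for the domain without a zone file or a slave transfer. If that LDAP bind fails, the zones are simply absent, and with forward first every query for the domain goes to the forwarders instead, which is what an NXDOMAIN for your own hosts usually looks like. The checker also flags allow-recursion { any; }, which on a server listening on all interfaces makes an open recursive resolver for every network that can reach port 53. The sample configuration is constructed from the posted one with the forwarder list shortened; the hardened variant and the 10.100.0.0/16 ACL in it are assumptions for illustration.

```python
"""Audit a FreeIPA-style named.conf: where the zone data comes from, where a
query goes when that zone is not loaded, and whether recursion is open to all.
Added example for this thread; not FreeIPA or bind-dyndb-ldap code."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed from the config posted in the thread (forwarder list shortened).
SAMPLE_NAMED_CONF = r'''
options {
    listen-on-v6 {any;};
    directory "/var/named"; // the default
    forward first;
    forwarders { 10.100.8.41; 10.100.8.40; };
    allow-recursion { any; };
};
zone "." IN { type hint; file "named.ca"; };
include "/etc/named.rfc1912.zones";
dynamic-db "ipa" {
    library "ldap.so";
    arg "uri ldapi://%2fvar%2frun%2fslapd-BO3-E-BOZO-COM.socket";
    arg "base cn=dns, dc=bo3,dc=e-bozo,dc=com";
    arg "auth_method sasl";
    arg "sasl_mech GSSAPI";
};
'''
# Assumed hardened variant (not from the thread): recursion only for local nets.
HARDENED_NAMED_CONF = SAMPLE_NAMED_CONF.replace(
    "allow-recursion { any; };",
    "allow-recursion { localhost; localnets; 10.100.0.0/16; };")


def strip_comments(text: str) -> str:
    """Drop /* */, // and # comments; '//' right after ':' is a URI, not a comment."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    text = re.sub(r"(^|[^:])//[^\n]*", r"\1", text, flags=re.M)
    return re.sub(r"#[^\n]*", "", text)


def parse_block(text: str) -> Tuple[List[str], List[Tuple[str, str]]]:
    """One nesting level of named.conf: (simple statements, [(header, body), ...])."""
    stmts, blocks, buf, depth, start, header = [], [], [], 0, 0, ""
    for i, ch in enumerate(text):
        if ch == "{":
            if depth == 0:                       # header text precedes the brace
                header, buf, start = "".join(buf).strip(), [], i + 1
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                blocks.append((header, text[start:i]))
        elif depth == 0:                         # nested bodies are parsed later
            if ch == ";":
                stmt = "".join(buf).strip()
                if stmt:
                    stmts.append(stmt)
                buf = []
            else:
                buf.append(ch)
    return stmts, blocks


def items(body: str) -> List[str]:
    """Elements of an address list such as '{ any; }' or '{ 10.0.0.1; 10.0.0.2; }'."""
    return [x.strip() for x in body.split(";") if x.strip()]


@dataclass
class NamedConf:
    forward: Optional[str] = None                             # "first", "only" or None
    forwarders: List[str] = field(default_factory=list)
    allow_recursion: List[str] = field(default_factory=list)
    zones: Dict[str, str] = field(default_factory=dict)       # zone name -> type
    dynamic_db: Dict[str, str] = field(default_factory=dict)  # bind-dyndb-ldap args


def parse_named_conf(text: str) -> NamedConf:
    conf = NamedConf()
    for header, body in parse_block(strip_comments(text))[1]:
        kind, *rest = header.split()
        stmts, sub = parse_block(body)
        if kind == "options":
            conf.forward = next((s.split()[1] for s in stmts if s.startswith("forward ")), None)
            lists = {h: items(b) for h, b in sub}
            conf.forwarders = lists.get("forwarders", [])
            conf.allow_recursion = lists.get("allow-recursion", [])
        elif kind == "zone":
            conf.zones[rest[0].strip('"')] = next(
                (s.split()[1] for s in stmts if s.startswith("type ")), "")
        elif kind == "dynamic-db":
            for s in stmts:                      # arg "key value" -> {key: value}
                if s.startswith("arg "):
                    k, _, v = s[4:].strip().strip('"').partition(" ")
                    conf.dynamic_db[k] = v.strip()
    return conf


def audit(conf: NamedConf) -> List[str]:
    """Findings worth knowing before reading the named log."""
    out = []
    if any(a in ("any", "0.0.0.0/0", "::/0") for a in conf.allow_recursion):
        out.append("open resolver: allow-recursion { any; } lets every host that can reach "
                   "port 53 recurse here; use { localhost; localnets; } or filter port 53")
    if conf.dynamic_db:
        out.append("zone source: dynamic-db serves the zones under %s from LDAP via %s; "
                   "if that bind fails the IPA zones do not exist in named at all"
                   % (conf.dynamic_db.get("base", "?"), conf.dynamic_db.get("uri", "?")))
    if conf.forwarders and conf.forward == "first":
        out.append("fallthrough: forward first sends any name not in a locally held zone "
                   "to %s, so an unloaded IPA zone shows up as the forwarders' NXDOMAIN"
                   % ", ".join(conf.forwarders))
    return out


if __name__ == "__main__":
    for label, text in (("posted", SAMPLE_NAMED_CONF), ("hardened", HARDENED_NAMED_CONF)):
        conf = parse_named_conf(text)
        print(label, conf.forward, conf.forwarders, conf.allow_recursion, sep=" | ")
        for finding in audit(conf):
            print("  -", finding)
```

Run it against /etc/named.conf with `parse_named_conf(open("/etc/named.conf").read())`; the parser handles one nesting level per call, so nested blocks inside zone bodies are tolerated but not interpreted. The "zone source" finding is the answer to the bind-slave question: with bind-dyndb-ldap there is no AXFR and no zone file, so the next thing to check is whether named's GSSAPI bind to the ldapi socket succeeded, which is exactly what journalctl -u named shows.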