[Freeipa-users] FW: FW: FW: named and IpA

Licause, Al (CSC AMS BCS - UNIX/Linux Network Support) licause at hp.com
Fri Oct 3 17:20:51 UTC 2014


Ah....excellent suggestion !

Thanks very much that worked.....

[root at linux named]# ipa dnsconfig-mod --forwarder=16.112.240.27 --forwarder=16.112.240.40
  Global forwarders: 16.112.240.27, 16.112.240.40
  Forward policy: first

Unfortunately it didn't fix the problem......while IdM is running the local name server still can't resolve any hosts
or addresses unknown to the local name server.

Al



-----Original Message-----
From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Rich Megginson
Sent: Friday, October 03, 2014 9:44 AM
To: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] FW: FW: named and IpA

On 10/03/2014 09:22 AM, Licause, Al (CSC AMS BCS - UNIX/Linux Network
Support) wrote:
>
> -----Original Message-----
> From: freeipa-users-bounces at redhat.com 
> [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Rich Megginson
> Sent: Friday, October 03, 2014 8:03 AM
> To: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] FW: named and IpA
>
> On 10/03/2014 08:32 AM, Licause, Al (CSC AMS BCS - UNIX/Linux Network
> Support) wrote:
>> -----Original Message-----
>> From: Licause, Al (CSC AMS BCS - UNIX/Linux Network Support)
>> Sent: Friday, October 03, 2014 7:11 AM
>> To: 'Jan Pazdziora'
>> Subject: RE: [Freeipa-users] named and IpA
>>
>> Jan,
>>
>> Just for kicks, I tried to use the ipa dnsconfig-mod command to add information about the local name server.
>>
>> I was able to set the forwarding policy but I was only able to set a single forwarder.
>>
>> If I issued a second forwarder, the previous entry was replaced by the new one and only one forwarder shows as active:
>>
>> [root at linux named]# ipa dnsconfig-show
>>     Global forwarders: 16.112.240.40
>>     Forward policy: first
>>
>> [root at linux named]# ipa dnsconfig-mod --forwarder=16.112.240.27
>>     Global forwarders: 16.112.240.27
>>     Forward policy: first
>>
>> [root at linux named]# ipa dnsconfig-show
>>     Global forwarders: 16.112.240.27
>>     Forward policy: first
>>
>> If I attempt to place more than one forwarder in the arguments, I get an error:
>>
>> [root at linux named]# ipa dnsconfig-mod --forwarder=16.112.240.27;16.112.240.40
>> ipa: ERROR: no modifications to be performed
>> bash: 16.112.240.40: command not found...
> You cannot use an unescaped semicolon
> $ man bash
> ...
> DEFINITIONS
> ...
>          metacharacter
>                 A  character  that,  when unquoted, separates words. One of the
>                 following:
>                 |  & ; ( ) < > space tab
>
>>>   Thanks for the reply.    If it is possible to enter more than one forwarder with the ipa dnsconfig-mod command, can
>>>    you show an example ?    I have tried variations with no luck.
> Al

Have you tried multiple --forwarder flags?  e.g.

# ipa dnsconfig-mod --forwarder=16.112.240.27 --forwarder=16.112.240.40 ...

>
>
>> The Fedora documentation only gives examples for adding a single forwarder.....so this seems to be a shortcoming in the current implementation.
>>
>> However, having performed these steps, it still did not allow the local name server to look at anything past the local database or use the designated forwarders.
>>
>> Al
>>
>>
>> -----Original Message-----
>> From: Jan Pazdziora [mailto:jpazdziora at redhat.com]
>> Sent: Thursday, October 02, 2014 11:23 PM
>> To: Licause, Al (CSC AMS BCS - UNIX/Linux Network Support)
>> Cc: freeipa-users at redhat.com
>> Subject: Re: [Freeipa-users] named and IpA
>>
>> On Thu, Oct 02, 2014 at 05:05:10PM +0000, Licause, Al (CSC AMS BCS - UNIX/Linux Network Support) wrote:
>>> From the IdM server we can only lookup local records.  The name resolver will not
>>> attempt to look to any other name servers or domains defined in
>>> /etc/resolv.conf
>> What exactly is in your /etc/resolv.conf? Just the IP address of the IPA server (localhost), or some other records?
>>
>>> If I shutdown IdM using ipactl stop and then restart named, the name 
>>> resolver works for local and remote hosts, addresses and domains as 
>>> well as serving up the SRV records defined on the local host.
>> So if all IdM services are running, you do not seem to have named observing forwarders settings but if you only run named on the IdM machine and nothing else, it starts to observe them?
>>
>> Can you show dig output for one of the problematic records to see which DNS server is answering the query?
>>
>> --
>> Jan Pazdziora
>> Principal Software Engineer, Identity Management Engineering, Red Hat
>>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go To http://freeipa.org for more info on the project
>
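
The shell parsing behind the error quoted in this thread, as an added example that is not part of any poster's message. `show_args` and `parse_line` are hypothetical helpers standing in for the real CLI so the lines can be run without an IPA server; the addresses are the ones used in the thread.

```sh
# Hypothetical stand-in for a CLI: prints every argument it receives,
# each wrapped in brackets, so word boundaries are visible.
show_args() {
    for a in "$@"; do printf '[%s]' "$a"; done
    printf '\n'
}

# Parse and run one command line as the shell would if it were typed,
# inside a subshell. Prints what show_args received plus the exit status
# of the last command the shell ran (127 = command not found).
parse_line() {
    out=$( (eval "$1") 2>/dev/null ) && status=0 || status=$?
    printf '%s status=%s\n' "$out" "$status"
}

# Unquoted ';' ends the first command; the second address is then run
# as a command of its own, which is the "command not found" in the thread.
UNQUOTED='show_args --forwarder=16.112.240.27;16.112.240.40'

# Quoting keeps the ';' literal, but the program now receives ONE value
# containing both addresses, not two forwarders.
QUOTED='show_args "--forwarder=16.112.240.27;16.112.240.40"'

# Repeating the option passes two separate arguments, one per forwarder.
REPEATED='show_args --forwarder=16.112.240.27 --forwarder=16.112.240.40'

parse_line "$UNQUOTED"
parse_line "$QUOTED"
parse_line "$REPEATED"
```

The same splitting applies to any unquoted metacharacter from the list in the bash man page excerpt above, so values pasted into a root shell should be quoted or passed as separate options.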
