[Freeipa-users] Question About Properly Configuring DNS

Simo Sorce simo at redhat.com
Mon Oct 27 18:15:09 UTC 2014


On Mon, 27 Oct 2014 17:50:13 +0000
"Trevor T Kates (Services - 6)" <trevor.t.kates at dom.com> wrote:

> > -----Original Message-----
> > From: Simo Sorce [mailto:simo at redhat.com]
> > Sent: Monday, October 27, 2014 12:30 PM
> > To: Trevor T Kates (Services - 6)
> > Cc: freeipa-users at redhat.com
> > Subject: Re: [Freeipa-users] Question About Properly Configuring DNS
> > 
> > On Mon, 27 Oct 2014 14:07:42 +0000
> > "Trevor T Kates (Services - 6)" <trevor.t.kates at dom.com> wrote:
> > 
> > > Hi, all:
> > >
> > > I have four servers (two in one location, two in another) running
> > > IPA 3.0 set to replicate like so:
> > >
> > > Location A Server 1 - - - - - - - - Location B Server 1
> > >               |                                            |
> > >               |                                            |
> > >               |                                            |
> > >               |                                            |
> > > Location A Server 2 - - - - - - - - Location B Server 2
> > >
> > > Each server has DNS configured; however, I think I have configured
> > > something inappropriately with respect to authoritative records.
> > >
> > > I have eight zones configured and ipa dnszone-show for any one of
> > > them has Location B Server 1's name as authoritative. In each of
> > > the eight zones, I have added NS records for the other three
> > > servers. On all of the servers except Location B Server
> > > 1, /var/log/messages will show:
> > >
> > > client x.xxx.x.xxx#14366: received notify for zone
> > > 'x.xxx.x.in-addr.arpa': not authoritative
> > >
> > > This occurs for most, but not all, zones. Along with this:
> > >
> > > LDAP query timed out. Try to adjust "timeout" parameter
> > > update_record (psearch) failed, dn
> > > 'idnsname=xxx,idnsname=x.xxx.xx.in-addr.arpa.,cn=dns,dc=example,dc=com'
> > > change type 0x0. Records can be outdated, run `rndc reload`: not
> > > found
> > >
> > > I feel like I've misconfigured a few things along the way and I'd
> > > love some help. Along with that if anyone has recommendations on
> > > things I should read to help me better understand what I should be
> > > doing with DNS, I'd appreciate it.
> > 
> > Uhmm sounds like a bug in reloading the info in the bind ldap
> > plugin.
> > 
> > Can you restart named on one of the other servers and tell if the
> > warning goes away and/or if the client returns that server as
> > authoritative after the bounce?
> > 
> > Simo.
> >
> > --
> > Simo Sorce * Red Hat, Inc * New York
> 
> Upon restarting named, 'not authoritative' is not present for any of
> the zones and dig on clients shows all of the servers as
> authoritative. The restart of named did not always go cleanly,
> however. Sometimes, the same timeout issue as before would present
> itself. Should I not worry about those?

Ok, would you be able to open a bug (bugzilla or trac, either is fine)
for the 2 issues?

One seems to be that changing the NS record is not causing a proper
change in authoritative status.
The second should be about the timeout error you are seeing.

Thank you,
Simo.

> Thanks for your help!
> 
> Trevor T. Kates



-- 
Simo Sorce * Red Hat, Inc * New York
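The two checks the thread walks through (grep the named log for the "not authoritative" notify rejection, then dig each server to see which ones answer authoritatively) as a small shell helper. This is an added example, not code from the thread or from FreeIPA; the log lines, host names and addresses are constructed.

```sh
#!/bin/sh
# Constructed sample from a named/bind-dyndb-ldap server that rejects
# NOTIFY messages for zones it should be authoritative for.
SAMPLE_LOG=$(cat <<'EOF'
Oct 27 13:01:02 ipa-b2 named[1234]: client 10.0.0.5#14366: received notify for zone '0.0.10.in-addr.arpa': not authoritative
Oct 27 13:01:03 ipa-b2 named[1234]: client 10.0.0.5#14366: received notify for zone 'example.com': not authoritative
Oct 27 13:01:04 ipa-b2 named[1234]: zone example.com/IN: loaded serial 42
Oct 27 13:01:05 ipa-b2 named[1234]: client 10.0.0.5#14366: received notify for zone '0.0.10.in-addr.arpa': not authoritative
EOF
)

# Print, one per line and deduplicated, every zone for which the given
# log text records a rejected NOTIFY ("not authoritative").
not_authoritative_zones() {
    printf '%s\n' "$1" \
      | sed -n "s/.*received notify for zone '\([^']*\)': not authoritative.*/\1/p" \
      | sort -u
}

# Return success if a dig response header carries the aa (authoritative
# answer) flag, i.e. the queried server considers itself authoritative.
dig_is_authoritative() {
    printf '%s\n' "$1" | grep -q '^;; flags:.* aa[ ;]'
}

# Live check: query every server in $2.. for the SOA of zone $1 without
# recursion and report which ones answer authoritatively. Needs network
# access and dig; not exercised by the offline sample above.
check_servers() {
    zone=$1; shift
    for srv in "$@"; do
        out=$(dig +norecurse @"$srv" "$zone" SOA 2>/dev/null)
        if dig_is_authoritative "$out"; then
            echo "$srv: authoritative for $zone"
        else
            echo "$srv: NOT authoritative for $zone (restart named / file a bug)"
        fi
    done
}

# Offline demonstration on the constructed log.
not_authoritative_zones "$SAMPLE_LOG"
```

Run `check_servers example.com ipa-a1 ipa-a2 ipa-b1 ipa-b2` (or read the zone list from `not_authoritative_zones "$(cat /var/log/messages)"`) to compare all replicas before and after bouncing named.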



