[Freeipa-users] dns stops working after upgrade

Rob Verduijn rob.verduijn at gmail.com
Wed Oct 29 13:32:59 UTC 2014


Hello,

I've checked and I see a lot of objects representing my dns entries.
Still I get no answers if I try to resolve any of them :(

Rob

2014-10-29 13:28 GMT+01:00 Petr Spacek <pspacek at redhat.com>:

> On 28.10.2014 18:42, Rob Verduijn wrote:
>
>> before the update it's 4.5-1.fc20.x86_64.rpm from fedora 20 updates repo
>> after the update it's 6.0-5.fc20.x86_64.rpm from copr repo
>>
>> Regards
>> Rob
>>
>>
>> 2014-10-28 17:58 GMT+01:00 Martin Basti <mbasti at redhat.com>:
>>
>>    On 28/10/14 16:10, Rob Verduijn wrote:
>>>
>>>   Hello all,
>>>
>>> I've been digging into my problem of being unable to update from 3.3.5 to 4.1
>>>
>>> First I add the repo from copr
>>>
>>> Then I used to update it by issuing 'yum update' which resulted in an
>>> update in which my local dns zone entries no longer resolved.
>>>
>>> So I tried the instructions mentioned on the site:
>>> yum update freeipa-server
>>> And this failed with a conflict in
>>>
>>>   bind-32:9.9.4-18.fc20.1.pkcs11.x86_64 and
>>> bind-utils-32:9.9.4-15.P2.fc20.x86_64
>>>
>>> I noticed the new bind comes from the copr repo and the old bind utils
>>> from fedora.
>>>
>>> So I first ran 'yum update bind-utils -y'
>>> Then I ran yum update freeipa-server
>>> and saw it fail with errors about softhsm
>>>
>>> I remembered reading about package errors with softhsm and installed the
>>> softhsm-devel package first.
>>>
>>> So revert back the freeipa kvm snapshot to 3.3.5 and try again
>>> yum update bind-utils -y ;  yum install softhsm-devel -y ; yum update freeipa-server -y
>>>
>>> However when restarting named-pkcs11 I can see in the system log that it
>>> has 0 zones loaded
>>>
>>> Oct 28 15:28:30 freeipa.x.x named-pkcs11[3029]: managed-keys-zone: loaded serial 0
>>> Oct 28 15:28:30 freeipa.x.x named-pkcs11[3029]: zone 0.in-addr.arpa/IN: loaded serial 0
>>> Oct 28 15:28:30 freeipa.x.x named-pkcs11[3029]: zone localhost/IN: loaded serial 0
>>> Oct 28 15:28:30 freeipa.x.x named-pkcs11[3029]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
>>> Oct 28 15:28:30 freeipa.x.x named-pkcs11[3029]: zone localhost.localdomain/IN: loaded serial 0
>>> Oct 28 15:28:30 freeipa.x.x named-pkcs11[3029]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
>>> Oct 28 15:28:30 freeipa.x.x named-pkcs11[3029]: all zones loaded
>>> Oct 28 15:28:30 freeipa.x.x named-pkcs11[3029]: running
>>> Oct 28 15:28:30 freeipa.x.x named-pkcs11[3029]: 0 zones from LDAP instance 'ipa' loaded (0 zones defined, 0 inactive, 0 failed to load)
>>>
>>> It claims 0 zones loaded but I can see my forward and reverse zones in ipa
>>>
>>> What could cause it not to load the zones that I defined in ipa?
>>>
>>
> This problem is usually caused by a broken IPA upgrade which destroys ACIs
> in LDAP which allow access to the DNS sub-tree.
>
> Please follow instructions on:
>
> https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/NamedCannotStart#a5.NozonesfromLDAPareloaded
>
> ... and let us know if you are able to see idnsZone objects in LDAP or not.
>
> --
> Petr^2 Spacek
>