[Freeipa-users] DNS not responding properly....

Bret Wortman bret.wortman at damascusgrp.com
Sat Sep 6 07:18:54 UTC 2014 

Check.

[root at ipa1 data]# ipa dnszone-show foo.net
   Zone name: foo.net
   Authoritative nameserver: ipa1.foo.net.
   Administrator e-mail address: hostmaster.foo.net.
   SOA serial: 1400521450
   SOA refresh: 3600
   SOA retry: 900
   SOA expire: 1209600
   SOA minimum: 3600
   Active zone: TRUE
   Allow query: any;
   Allow transfer: none;
   Zone forwarders: 8.8.8.8
[root at ipa1 data]#

On 09/05/2014 01:56 PM, Petr Spacek wrote:
> Hello,
>
> On 5.9.2014 18:14, Bret Wortman wrote:
>> I've got an odd situation with one of our networks. Our systems are 
>> properly
>> registered in DNS within IPA, and the web interface and IPA queries 
>> work to
>> resolve the hosts, but named isn't playing along with us.
>>
>> [root at ipa1 data]# ipa dnsrecord-find foo.net --name=asterisk
>>     Record name: asterisk
>>     A record: 192.168.252.155
>> ----------------------------
>> Number of entries returned 1
>> ----------------------------
>> [root at ipa1 data]# host asterisk.foo.net
>> Host asterisk.foo.net not found: 3(NXDOMAIN)
>> [root at ipa1 data]# cat /etc/resolv.conf
>> search foo.net
>> nameserver 192.168.252.61        <--------- This is ipa1
>> nameserver 192.168.252.62
>> nameserver 192.168.252.63
>> [root at ipa1 data]# ifconfig
>> ens192: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
>>           inet 192.168.252.61  netmask 255.255.255.0  broadcast 
>> 192.168.252.255
>>           inet6 fe80::250:56ff:fe04:401  prefixlen 64  scopeid 
>> 0x20<link>
>>           ether 00:50:56:04:04:01  txqueuelen 1000  (Ethernet)
>>           RX packets 2189  bytes 332143 (324.3 KiB)
>>           RX errors 0  dropped 0  overruns 0  frame 0
>>           TX packets 1523  bytes 428925 (418.8 KiB)
>>           TX errors 0  dropped 0 overruns 0  carrier 0 collisions 0
>>
>> lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
>>           inet 127.0.0.1  netmask 255.0.0.0
>>           inet6 ::1  prefixlen 128  scopeid 0x10<host>
>>           loop  txqueuelen 0  (Local Loopback)
>>           RX packets 1037  bytes 718872 (702.0 KiB)
>>           RX errors 0  dropped 0  overruns 0  frame 0
>>           TX packets 1037  bytes 718872 (702.0 KiB)
>>           TX errors 0  dropped 0 overruns 0  carrier 0 collisions 0
>>
>> [root at ipa1 data]#
>>
>> When I dig into the named.run file, I see the trace below (I ran an 
>> "rndc
>> reload" after seeing the request to do so at the end of an earlier 
>> section of
>> the file; it obviously didn't help much). I'm not sure where else to 
>> look.
>> /etc/named.conf and /var/named/named.ca both are in line with what we 
>> have on
>> another similar system where everything is working just fine. Any 
>> thoughts?
>
> Please double check output from
> $ ipa dnszone-show foo.net
>
> It should contain line like:
>   Active zone: TRUE
>
> Petr^2 Spacek
>
>> 05-Sep-2014 12:04:47.111 received control channel command 'reload'
>> 05-Sep-2014 12:04:47.111 zone 252.168.192.in-addr.arpa/IN: shutting down
>> 05-Sep-2014 12:04:47.112 loading configuration from '/etc/named.conf'
>> 05-Sep-2014 12:04:47.112 using default UDP/IPv4 port range: [1024, 
>> 65535]
>> 05-Sep-2014 12:04:47.112 using default UDP/IPv6 port range: [1024, 
>> 65535]
>> 05-Sep-2014 12:04:47.113 sizing zone task pool based on 6 zones
>> 05-Sep-2014 12:04:47.116 option 'serial_autoincrement' is not 
>> supported, ignoring
>> 05-Sep-2014 12:04:47.194 automatic empty zone: 10.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.194 automatic empty zone: 16.172.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.194 automatic empty zone: 17.172.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.194 automatic empty zone: 18.172.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.194 automatic empty zone: 19.172.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.194 automatic empty zone: 20.172.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.194 automatic empty zone: 21.172.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.194 automatic empty zone: 22.172.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.194 automatic empty zone: 23.172.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.194 automatic empty zone: 24.172.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.194 automatic empty zone: 25.172.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.195 automatic empty zone: 26.172.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.196 automatic empty zone: 27.172.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.196 automatic empty zone: 28.172.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.196 automatic empty zone: 29.172.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.196 automatic empty zone: 30.172.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.196 automatic empty zone: 31.172.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.196 automatic empty zone: 168.192.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.196 automatic empty zone: 64.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.196 automatic empty zone: 65.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.196 automatic empty zone: 66.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.198 automatic empty zone: 67.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.198 automatic empty zone: 68.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.198 automatic empty zone: 69.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.198 automatic empty zone: 70.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.198 automatic empty zone: 71.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.198 automatic empty zone: 72.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.198 automatic empty zone: 73.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.198 automatic empty zone: 74.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.198 automatic empty zone: 75.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.198 automatic empty zone: 76.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.198 automatic empty zone: 77.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.198 automatic empty zone: 78.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.198 automatic empty zone: 79.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.199 automatic empty zone: 80.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.199 automatic empty zone: 81.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.199 automatic empty zone: 82.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.199 automatic empty zone: 83.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.199 automatic empty zone: 84.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.200 automatic empty zone: 85.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.200 automatic empty zone: 86.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.200 automatic empty zone: 87.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.200 automatic empty zone: 88.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.200 automatic empty zone: 89.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.200 automatic empty zone: 90.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.201 automatic empty zone: 91.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.201 automatic empty zone: 92.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.201 automatic empty zone: 93.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.201 automatic empty zone: 94.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.201 automatic empty zone: 95.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.201 automatic empty zone: 96.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.202 automatic empty zone: 97.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.202 automatic empty zone: 98.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.202 automatic empty zone: 99.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.202 automatic empty zone: 100.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.202 automatic empty zone: 101.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.202 automatic empty zone: 102.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.203 automatic empty zone: 103.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.203 automatic empty zone: 104.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.203 automatic empty zone: 105.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.203 automatic empty zone: 106.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.203 automatic empty zone: 107.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.203 automatic empty zone: 108.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.204 automatic empty zone: 109.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.204 automatic empty zone: 110.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.204 automatic empty zone: 111.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.204 automatic empty zone: 112.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.204 automatic empty zone: 113.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.204 automatic empty zone: 114.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.205 automatic empty zone: 115.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.205 automatic empty zone: 116.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.205 automatic empty zone: 117.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.205 automatic empty zone: 118.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.205 automatic empty zone: 119.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.206 automatic empty zone: 120.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.206 automatic empty zone: 121.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.206 automatic empty zone: 122.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.206 automatic empty zone: 123.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.206 automatic empty zone: 124.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.207 automatic empty zone: 125.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.207 automatic empty zone: 126.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.207 automatic empty zone: 127.100.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.207 automatic empty zone: 127.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.207 automatic empty zone: 254.169.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.208 automatic empty zone: 2.0.192.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.208 automatic empty zone: 100.51.198.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.208 automatic empty zone: 113.0.203.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.208 automatic empty zone: 
>> 255.255.255.255.IN-ADDR.ARPA
>> 05-Sep-2014 12:04:47.208 automatic empty zone:
>> 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
>> 05-Sep-2014 12:04:47.209 automatic empty zone: D.F.IP6.ARPA
>> 05-Sep-2014 12:04:47.209 automatic empty zone: 8.E.F.IP6.ARPA
>> 05-Sep-2014 12:04:47.209 automatic empty zone: 9.E.F.IP6.ARPA
>> 05-Sep-2014 12:04:47.209 automatic empty zone: A.E.F.IP6.ARPA
>> 05-Sep-2014 12:04:47.209 automatic empty zone: B.E.F.IP6.ARPA
>> 05-Sep-2014 12:04:47.210 automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
>> 05-Sep-2014 12:04:47.213 reloading configuration succeeded
>> 05-Sep-2014 12:04:47.213 reloading zones succeeded
>> 05-Sep-2014 12:04:47.225 all zones loaded
>> 05-Sep-2014 12:04:47.226 running
>> 05-Sep-2014 12:04:47.226 update_record (syncrepl) failed, dn
>> 'idnsname=ipa1,idnsname=foo.net,cn=dns,dc=foo,dc=net' change type 
>> 0x1. Records
>> can be outdated, run `rndc reload`: not found
>> 05-Sep-2014 12:04:47.226 update_record (syncrepl) failed, dn
>> 'idnsname=_kerberos,idnsname=foo.net,cn=dns,dc=foo,dc=net' change 
>> type 0x1.
>> Records can be outdated, run `rndc reload`: not found
>> 05-Sep-2014 12:04:47.317 update_record (syncrepl) failed, dn
>> 'idnsname=_ldap._tcp,idnsname=foo.net,cn=dns,dc=foo,dc=net' change 
>> type 0x1.
>> Records can be outdated, run `rndc reload`: not found
>> 05-Sep-2014 12:04:47.317 update_record (syncrepl) failed, dn
>> 'idnsname=_kerberos._tcp,idnsname=foo.net,cn=dns,dc=foo,dc=net' 
>> change type 0x1.
>> Records can be outdated, run `rndc reload`: not found
>> 05-Sep-2014 12:04:47.318 update_record (syncrepl) failed, dn
>> 'idnsname=_kerberos._udp,idnsname=foo.net,cn=dns,dc=foo,dc=net' 
>> change type 0x1.
>> Records can be outdated, run `rndc reload`: not found
>> 05-Sep-2014 12:04:47.318 update_record (syncrepl) failed, dn
>> 'idnsname=_kerberos-master._tcp,idnsname=foo.net,cn=dns,dc=foo,dc=net' change 
>>
>> type 0x1. Records can be outdated, run `rndc reload`: not found
>> 05-Sep-2014 12:04:47.318 update_record (syncrepl) failed, dn
>> 'idnsname=_kerberos-master._udp,idnsname=foo.net,cn=dns,dc=foo,dc=net' change 
>>
>> type 0x1. Records can be outdated, run `rndc reload`: not found
>> 05-Sep-2014 12:04:47.318 update_record (syncrepl) failed, dn
>> 'idnsname=_kpasswd._tcp,idnsname=foo.net,cn=dns,dc=foo,dc=net' change 
>> type 0x1.
>> Records can be outdated, run `rndc reload`: not found
>> 05-Sep-2014 12:04:47.318 update_record (syncrepl) failed, dn
>> 'idnsname=_kpasswd._udp,idnsname=foo.net,cn=dns,dc=foo,dc=net' change 
>> type 0x1.
>> Records can be outdated, run `rndc reload`: not found
>> 05-Sep-2014 12:04:47.319 update_record (syncrepl) failed, dn
>> 'idnsname=_ntp._udp,idnsname=foo.net,cn=dns,dc=foo,dc=net' change 
>> type 0x1.
>> Records can be outdated, run `rndc reload`: not found
>> 05-Sep-2014 12:04:47.319 update_record (syncrepl) failed, dn
>> 'idnsname=ipa-ca,idnsname=foo.net,cn=dns,dc=foo,dc=net' change type 
>> 0x1. Records
>> can be outdated, run `rndc reload`: not found
>> 05-Sep-2014 12:04:47.319 update_record (syncrepl) failed, dn
>> 'idnsname=ipa2,idnsname=foo.net,cn=dns,dc=foo,dc=net' change type 
>> 0x1. Records
>> can be outdated, run `rndc reload`: not found
>> 05-Sep-2014 12:04:47.319 update_record (syncrepl) failed, dn
>> 'idnsname=mcnetmon,idnsname=foo.net,cn=dns,dc=foo,dc=net' change type 
>> 0x1.
>> Records can be outdated, run `rndc reload`: not found
>> 05-Sep-2014 12:04:47.320 update_record (syncrepl) failed, dn
>> 'idnsname=asterisk,idnsname=foo.net,cn=dns,dc=foo,dc=net' change type 
>> 0x1.
>> Records can be outdated, run `rndc reload`: not found
>> 05-Sep-2014 12:04:47.320 zone 252.168.192.in-addr.arpa/IN: loaded 
>> serial 1409933087
>> 05-Sep-2014 12:04:47.320 1 zones from LDAP instance 'ipa' loaded (1 
>> zones defined)
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140906/06c1bc70/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3766 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140906/06c1bc70/attachment.p7s>

More information about the Freeipa-users mailing list