[Freeipa-users] DNS lookups after replica(master) added

Cory Carlton cory at pithoslabs.com
Wed Apr 22 16:40:32 UTC 2015


Hey all,

I for some reason do not ever get responses from doing DNS lookups to my
new servers that have been stood up and replicated as Masters with CA, and
DNS options entered at command line.

Is there any trick or configuration to allow anonymous for my servers
without IPA Client installed to talk to these?

It does not allow lookups.
iptables has even been turned off for testing.
telnet to the server via port 53 works.
Stand-alone IPA server: LDAP, DNS, Kerberos usages


 [root at DOMAIN ~]# ipa dnsconfig-show --rights --all --raw
---------------------------------
Global DNS configuration is empty
---------------------------------
  dn: cn=dns,dc=int,dc=DOMAIN,dc=com
  aci: (targetattr = "*")(version 3.0; acl "Allow read access"; allow
(read,search,compare) groupdn = "ldap:///cn=Read DNS
Entries,cn=permissions,cn=pbac,dc=int,dc=DOMAIN,dc=com" or userattr =
"parent[0,1].managedby#GROUPDN";)
  aci: (target =
"ldap:///idnsname=*,cn=dns,dc=int,dc=DOMAIN,dc=com")(version 3.0;acl "Add
DNS entries in a zone";allow (add) userattr =
"parent[1].managedby#GROUPDN";)
  aci: (target =
"ldap:///idnsname=*,cn=dns,dc=int,dc=DOMAIN,dc=com")(version 3.0;acl
"Remove DNS entries from a zone";allow (delete) userattr =
"parent[1].managedby#GROUPDN";)
  aci: (targetattr = "idnsname || cn || idnsallowdynupdate || dnsttl ||
dnsclass || arecord || aaaarecord || a6record || nsrecord || cnamerecord ||
ptrrecord || srvrecord || txtrecord || mxrecord || mdrecord || hinforecord
|| minforecord || afsdbrecord || sigrecord || keyrecord || locrecord ||
nxtrecord || naptrrecord || kxrecord || certrecord || dnamerecord ||
dsrecord || sshfprecord || rrsigrecord || nsecrecord || idnsname ||
idnszoneactive || idnssoamname || idnssoarname || idnssoaserial ||
idnssoarefresh || idnssoaretry || idnssoaexpire || idnssoaminimum ||
idnsupdatepolicy || idnsallowquery || idnsallowtransfer || idnsallowsyncptr
|| idnsforwardpolicy || idnsforwarders")(target =
"ldap:///idnsname=*,cn=dns,dc=int,dc=DOMAIN,dc=com")(version 3.0;acl
"Update DNS entries in a zone";allow (write) userattr =
"parent[0,1].managedby#GROUPDN";)
  attributelevelrights: {'cn': u'rscwo', 'idnsforwardpolicy': u'rscwo',
'objectclass': u'rscwo', 'idnsallowsyncptr': u'rscwo', 'idnsforwarders':
u'rscwo', 'idnspersistentsearch': u'rscwo', 'idnszonerefresh': u'rscwo',
'aci': u'rscwo', 'nsaccountlock': u'rscwo'}
  cn: dns
  objectclass: idnsConfigObject
  objectclass: nsContainer
  objectclass: top
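An added diagnostic, not from the original message or the FreeIPA project: the poster confirmed that telnet to port 53 works, but telnet only exercises TCP, while resolvers send most queries over UDP first. The script below sends the same query over both transports and reports which one answers; the server address and record name passed to probe() are assumed placeholders.

```python
"""Added example (not from the original post): query a DNS server over UDP
and over TCP with the same question. telnet to port 53 exercises TCP only,
while resolvers normally use UDP first, so both transports are checked."""
import socket
import struct

def build_query(name, qtype=1, txid=0x1234):
    """Minimal RFC 1035 query for `name`, class IN, recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Return (txid, rcode, answer_count) from a DNS response header."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    return txid, flags & 0x000F, an

def query_udp(server, query, timeout=3.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        return s.recv(4096)

def query_tcp(server, query, timeout=3.0):
    with socket.create_connection((server, 53), timeout=timeout) as s:
        s.sendall(struct.pack("!H", len(query)) + query)  # 2-byte length prefix
        length = struct.unpack("!H", s.recv(2))[0]
        data = b""
        while len(data) < length:
            chunk = s.recv(length - len(data))
            if not chunk:
                raise ValueError("connection closed mid-message")
            data += chunk
        return data

def probe(server, name):
    """Try UDP then TCP; report per transport whether a reply came back."""
    q = build_query(name)
    results = {}
    for label, fn in (("udp", query_udp), ("tcp", query_tcp)):
        try:
            _txid, rcode, answers = parse_header(fn(server, q))
            results[label] = "rcode=%d answers=%d" % (rcode, answers)
        except (OSError, ValueError) as exc:
            results[label] = "no reply (%s)" % exc
    return results
```

Run it as `probe("192.0.2.10", "ipa.int.example.com")` with the real replica address; a reply on TCP but a timeout on UDP points at something between the client and the server dropping UDP/53 rather than at the zone data.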