[Freeipa-users] reverse DNS lookup does not work

Tue Aug 11 14:47:54 UTC 2015

reverse DNS lookup stopped working after I broke some replication
agreements (perhaps unrelated, but worth mentioning). Regular A
records resolve fine.
The records can be seen in LDAP (using ldapsearch with GSSAPI after
kinit -t /etc/named.keytab):

the zone:

# 0.63.10.in-addr.arpa., dns, ipa.example.net
dn: idnsname=0.63.10.in-addr.arpa.,cn=dns,dc=ipa,dc=example,dc=net
idnsUpdatePolicy: grant IPA.example.NET krb5-self * PTR; grant IPA.example.NET
  krb5-self * SSHFP;
idnsAllowDynUpdate: TRUE
idnsForwarders: 172.23.1.5
idnsAllowSyncPTR: TRUE
idnsSOAserial: 1439302482
idnsSOArName: hostmaster.ipa.example.net.
idnsZoneActive: TRUE
idnsSOAexpire: 1209600
nSRecord: ldap1.example.lan.
idnsSOAminimum: 3600
objectClass: idnszone
objectClass: top
objectClass: idnsrecord
idnsAllowTransfer: none;
idnsSOAretry: 900
idnsSOArefresh: 3600
idnsAllowQuery: any;
idnsName: 0.63.10.in-addr.arpa.
idnsSOAmName: ldap1.example.lan.

the entry:
# 68, 0.63.10.in-addr.arpa., dns, ipa.example.net
dn: idnsname=68,idnsname=0.63.10.in-addr.arpa.,cn=dns,dc=ipa,dc=example,dc=net
objectClass: top
objectClass: idnsrecord
cNAMERecord: ds02.example.lan.
idnsName: 68

but the reverse dns lookup fails anyway:

[root at ldap1 ~]# dig -x 10.63.0.68

; <<>> DiG 9.9.6-P1-RedHat-9.9.6-8.P1.fc21 <<>> -x 10.63.0.68
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 59911
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;68.0.63.10.in-addr.arpa. IN PTR

;; AUTHORITY SECTION:
10.in-addr.arpa. 86400 IN SOA 10.in-addr.arpa. . 0 28800 7200 604800 86400

;; Query time: 4 msec
;; SERVER: 172.23.1.5#53(172.23.1.5)
;; WHEN: Tue Aug 11 14:40:08 UTC 2015
;; MSG SIZE  rcvd: 87

[root at ldap1 ~]#

Any thoughts?

-- 
S poštovanjem / Regards,

Nikola Kržalić.