[Freeipa-users] Forward first not working
Shaun Martin
smartin at blackducksoftware.com
Wed Feb 25 16:59:19 UTC 2015
Hi,
I am having an issue with the forward first not appear to be working. I have two separate IPA servers that server separate realms. I have for the reverse zone configured forwarders to point to the other realms IPA server. All versions are identical on the IPA servers. I have included details on version and tests that show this is not working.
$ yum list installed |grep bind-dyndb-ldap
bind-dyndb-ldap.x86_64 3.5-4.el7 @base
$ yum list installed |grep ipa
ipa-admintools.x86_64 3.3.3-28.0.1.el7.centos.3 @updates
ipa-client.x86_64 3.3.3-28.0.1.el7.centos.3 @updates
ipa-python.x86_64 3.3.3-28.0.1.el7.centos.3 @updates
ipa-server.x86_64 3.3.3-28.0.1.el7.centos.3 @updates
libipa_hbac.x86_64 1.11.2-68.el7_0.6 @updates
libipa_hbac-python.x86_64 1.11.2-68.el7_0.6 @updates
python-iniparse.noarch 0.4-9.el7 @anaconda
sssd-ipa.x86_64
BELOW IS WITH FORWARDING DISABLED. It cannot find 10.1.0.9 but can find 10.1.20.9. This is expected as this server only has the 10.1.20.9 record.
$ nslookup
> server 10.1.20.9
Default server: 10.1.20.9
Address: 10.1.20.9#53
> 10.1.20.9
Server: 10.1.20.9
Address: 10.1.20.9#53
9.20.1.10.in-addr.arpa name = prd-ops-ipa01.uzb.local.
> 10.1.0.9
Server: 10.1.20.9
Address: 10.1.20.9#53
** server can't find 9.0.1.10.in-addr.arpa.: NXDOMAIN
BELOW IS WITH FORWARDING ENABLED. It cannot find 10.1.20.9 but can find 10.1.0.9. This is expected as the forwarding server only has the 10.1.0.9 record.
> 10.1.20.9
Server: 10.1.20.9
Address: 10.1.20.9#53
** server can't find 9.20.1.10.in-addr.arpa.: NXDOMAIN
> 10.1.0.9
Server: 10.1.20.9
Address: 10.1.20.9#53
Non-authoritative answer:
9.0.1.10.in-addr.arpa name = ops-ipa01.bbf.local.
Authoritative answers can be found from:
1.10.in-addr.arpa nameserver = ops-ipa01.bbf.local.
BELOW IS WITH FORWARD FIRST ENABLED. It cannot find 10.1.20.9 but can find 10.1.0.9. This is un-expected as the local zone has the 10.1.20.9 and the forward server has the 10.1.0.9 so we should be getting both.
> 10.1.20.9
Server: 10.1.20.9
Address: 10.1.20.9#53
** server can't find 9.20.1.10.in-addr.arpa.: NXDOMAIN
> 10.1.0.9
Server: 10.1.20.9
Address: 10.1.20.9#53
Non-authoritative answer:
9.0.1.10.in-addr.arpa name = ops-ipa01.bbf.local.
Authoritative answers can be found from:
1.10.in-addr.arpa nameserver = ops-ipa01.bbf.local.
ops-ipa01.bbf.local internet address = 10.1.0.9
Any help is greatly appreciated.
Thanks,
Shaun
[cid:1F369212-0E28-4C3C-8955-33CDA7C2FAB4 at blackducksoftware.com]
Shaun Martin
IT\OPS Manager
Black Duck Software
O: +1.781.425.4336
Black Duck Software<http://www.blackducksoftware.com/> | OpenHUB<https://www.openhub.net/> | OSDelivers<http://osdelivers.blackducksoftware.com/> | OSS Logistics<https://www.blackducksoftware.com/oss-logistics>
[cid:CC23E6F1-CA96-4E59-978B-D0D9EDE0F2DB at blackducksoftware.com] <http://twitter.com/black_duck_sw> [cid:AC8F793C-9870-4ECB-B844-3337F98BA51F at blackducksoftware.com] <https://www.linkedin.com/company/black-duck-software> [cid:AB6B7F6B-C85C-4E52-8B42-9C9A5EB9D0D1 at blackducksoftware.com] <https://www.facebook.com/BlackDuckSoftware> [cid:931AE271-12EC-458A-BB1F-7455AD35B154 at blackducksoftware.com] <https://plus.google.com/+Blackducksoftware/> [cid:8EB9FA0C-F1E0-4E32-9E58-0D6A646A5625 at blackducksoftware.com] <http://www.slideshare.net/blackducksoftware> [cid:1A0AC858-0DCC-44B4-B3D0-8BB35E291B02 at blackducksoftware.com]
JP Morgan Chase & Co. Hall of Innovation Inductee <https://www.youtube.com/user/BlackDuckSoftware>
<https://www.youtube.com/user/BlackDuckSoftware>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150225/6be1f219/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 7EA68D51-363B-4FAD-A939-D9CD926D70AB.png
Type: image/png
Size: 3790 bytes
Desc: 7EA68D51-363B-4FAD-A939-D9CD926D70AB.png
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150225/6be1f219/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: E33E6B21-2C3E-4C55-8796-46161EE14AC6.png
Type: image/png
Size: 280 bytes
Desc: E33E6B21-2C3E-4C55-8796-46161EE14AC6.png
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150225/6be1f219/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: EDB9C095-85D8-437C-A4CF-A515712839CA.png
Type: image/png
Size: 248 bytes
Desc: EDB9C095-85D8-437C-A4CF-A515712839CA.png
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150225/6be1f219/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 8D343C4D-B65C-473A-96DE-792AF2B5D16E.png
Type: image/png
Size: 227 bytes
Desc: 8D343C4D-B65C-473A-96DE-792AF2B5D16E.png
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150225/6be1f219/attachment-0003.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 3FCDCA9B-C8EA-4EB2-9184-457FF1A9AB5D.png
Type: image/png
Size: 335 bytes
Desc: 3FCDCA9B-C8EA-4EB2-9184-457FF1A9AB5D.png
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150225/6be1f219/attachment-0004.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D1E6BBB6-3622-496C-B3BF-7DC86A214CB8.png
Type: image/png
Size: 355 bytes
Desc: D1E6BBB6-3622-496C-B3BF-7DC86A214CB8.png
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150225/6be1f219/attachment-0005.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: B8FD9DF1-3230-44BF-80DA-AEA16CB00E29.png
Type: image/png
Size: 316 bytes
Desc: B8FD9DF1-3230-44BF-80DA-AEA16CB00E29.png
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150225/6be1f219/attachment-0006.png>
More information about the Freeipa-users
mailing list