[Freeipa-users] Errors while adding DNS Zone

Martin Basti mbasti at redhat.com
Tue Mar 10 08:28:27 UTC 2015


On 09/03/15 19:18, Matt Wells wrote:
> I'm getting some errors on a DNS Zone that I'm attempting to create.
> My systems reside within a sub-domain of example.com.
> (xyz.example.com)
> Of course example.com is the internet address, but I want to host the
> internal example.com so we're able to point to internal intranets and
> so on.
>
> So to the good stuff
> Regardless of what flags I give, what NS records I change, the NS is
> never actually set.  I know it's something silly that I'm overlooking
> but would really love other eyes.
>
> I go to create the zone on server2.
> [root@server2 html]# ipa dnszone-add example.com
>    Zone name: example.com.
>    Active zone: TRUE
>    Authoritative nameserver: server2.xyz.example.com.
>    Administrator e-mail address: hostmaster
>    SOA serial: 1425924224
>    SOA refresh: 3600
>    SOA retry: 900
>    SOA expire: 1209600
>    SOA minimum: 3600
>    BIND update policy: grant xyz.example.com krb5-self * A; grant
> xyz.example.com krb5-self * AAAA; grant xyz.example.com krb5-self *
> SSHFP;
>    Dynamic update: FALSE
>    Allow query: any;
>    Allow transfer: none;
> [root@server2 html]# rndc reload
> server reload successful
>
> ------------
> Logs on server1 show this
>
> Mar 09 18:03:48 server1.xyz.example.com named-pkcs11[23279]: zone
> example.com/IN: NS 'server2.xyz.example.com' has no address records (A
> or AAAA)
> Mar 09 18:03:48 server1.xyz.example.com named-pkcs11[23279]: zone
> example.com/IN: NS 'server1.xyz.example.com' has no address records (A
> or AAAA)
> Mar 09 18:03:48 server1.xyz.example.com named-pkcs11[23279]: zone
> example.com/IN: not loaded due to errors.
> Mar 09 18:03:48 server1.xyz.example.com named-pkcs11[23279]:
> update_zone (syncrepl) failed for
> 'idnsname=example.com.,cn=dns,dc=xyz,dc=example,dc=com'. Zones can be
> outdated, run `rndc reload`: bad zone
> Mar 09 18:03:48 server1.xyz.example.com named-pkcs11[23279]: zone
> example.com/IN: NS 'server2.xyz.example.com' has no address records (A
> or AAAA)
> Mar 09 18:03:48 server1.xyz.example.com named-pkcs11[23279]: zone
> example.com/IN: NS 'server1.xyz.example.com' has no address records (A
> or AAAA)
> Mar 09 18:03:48 server1.xyz.example.com named-pkcs11[23279]: zone
> example.com/IN: not loaded due to errors.
> Mar 09 18:03:48 server1.xyz.example.com named-pkcs11[23279]:
> update_zone (syncrepl) failed for
> 'idnsname=example.com.,cn=dns,dc=xyz,dc=example,dc=com'. Zones can be
> outdated, run `rndc reload`: bad zone
> Mar 09 18:03:51 server1.xyz.example.com named-pkcs11[23279]: zone
> example.com/IN: NS 'server2.xyz.example.com' has no address records (A
> or AAAA)
> Mar 09 18:03:51 server1.xyz.example.com named-pkcs11[23279]: zone
> example.com/IN: NS 'server1.xyz.example.com' has no address records (A
> or AAAA)
> Mar 09 18:03:51 server1.xyz.example.com named-pkcs11[23279]: zone
> example.com/IN: not loaded due to errors.
> Mar 09 18:03:51 server1.xyz.example.com named-pkcs11[23279]: zone
> example.com/IN: unable to reload invalid zone; reload triggered by
> change in 'idnsname=_kerberos,idnsname=example.com.,cn=dns,dc=xyz,dc=example,dc=com':bad
> zone
> Mar 09 18:03:51 server1.xyz.example.com named-pkcs11[23279]: zone
> example.com/IN: NS 'server2.xyz.example.com' has no address records (A
> or AAAA)
> Mar 09 18:03:51 server1.xyz.example.com named-pkcs11[23279]: zone
> example.com/IN: NS 'server1.xyz.example.com' has no address records (A
> or AAAA)
> Mar 09 18:03:51 server1.xyz.example.com named-pkcs11[23279]: zone
> example.com/IN: not loaded due to errors.
> Mar 09 18:03:51 server1.xyz.example.com named-pkcs11[23279]:
> update_zone (syncrepl) failed for
> 'idnsname=example.com.,cn=dns,dc=xyz,dc=example,dc=com'. Zones can be
> outdated, run `rndc reload`: bad zone
>
Hello, do you have a proper NS delegation in the example.com. zone?

ipa dnsrecord-add example.com. xyz.example.com. --ns-rec=server2.xyz.example.com

Martin

-- 
Martin Basti
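
An added example, not part of the original thread and not FreeIPA or BIND code: a simplified model of the check behind the `has no address records` messages above, showing why an NS delegation for xyz.example.com. in the parent zone changes the outcome. It assumes, following the reply, that a name server sitting below a delegation point is accepted without in-zone A/AAAA records; the function names and the `BEFORE`/`AFTER` zone contents are constructed for illustration.

```python
import re

# named message format as quoted in the thread
NO_ADDR = re.compile(r"zone (\S+)/IN: NS '([^']+)' has no address records")

def norm(name):
    """Lower-case a DNS name and make it absolute (trailing dot)."""
    return name.lower().rstrip(".") + "."

def names_below_apex(name, zone):
    """Yield `name` and each parent of it that lies strictly below the zone apex."""
    labels = name.rstrip(".").split(".")
    depth = len(zone.rstrip(".").split("."))
    for i in range(len(labels) - depth):
        yield ".".join(labels[i:]) + "."

def check_ns(zone, ns_target, records):
    """Classify an NS target; `records` maps owner name -> set of RR types in the zone."""
    zone, ns = norm(zone), norm(ns_target)
    recs = {norm(owner): types for owner, types in records.items()}
    if ns != zone and not ns.endswith("." + zone):
        return "out-of-zone"   # address lives in another zone, not checked here
    if any("NS" in recs.get(n, ()) for n in names_below_apex(ns, zone)):
        return "delegated"     # below a zone cut: the child zone holds the address
    if recs.get(ns, set()) & {"A", "AAAA"}:
        return "has-address"
    return "no-address"        # the case named logs in the thread

def report(log_text, records):
    """Map each (zone, NS) pair found in the log to its classification."""
    return {(norm(z), norm(ns)): check_ns(z, ns, records)
            for z, ns in NO_ADDR.findall(log_text)}

# Two log lines from the thread with the mail wrapping undone.
SAMPLE_LOG = """\
Mar 09 18:03:48 server1.xyz.example.com named-pkcs11[23279]: zone example.com/IN: NS 'server2.xyz.example.com' has no address records (A or AAAA)
Mar 09 18:03:48 server1.xyz.example.com named-pkcs11[23279]: zone example.com/IN: NS 'server1.xyz.example.com' has no address records (A or AAAA)
"""
# Constructed zone contents: before and after adding the xyz delegation.
BEFORE = {"example.com.": {"SOA", "NS"}}
AFTER = {"example.com.": {"SOA", "NS"}, "xyz.example.com.": {"NS"}}

if __name__ == "__main__":
    for label, recs in (("before", BEFORE), ("after", AFTER)):
        for (zone, ns), state in sorted(report(SAMPLE_LOG, recs).items()):
            print(label, zone, ns, state)
```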
