[Freeipa-users] Errors while adding DNS Zone

Matt Wells matt.wells at mosaic451.com
Tue Mar 10 13:38:40 UTC 2015


@Martin Basti that was it.  Thanks so much for the assistance.
@Petr Spacek thanks for the reply also.  I failed to provide some
rather important information that you mentioned.

Thanks all for the help.

On Tue, Mar 10, 2015 at 1:35 AM, Petr Spacek <pspacek at redhat.com> wrote:
> Hello!
>
> First of all, what version of FreeIPA do you use? FreeIPA 4.1.what?
>
> On 9.3.2015 19:18, Matt Wells wrote:
>> I'm getting some errors on a DNS Zone that I'm attempting to create.
>> My systems reside within a sub-domain of example.com.
>> (xyz.example.com)
>> Of course example.com is the internet address, but I want to host the
>> internal example.com so we're able to point to internal intranets and
>> so on.
>>
>> So to the good stuff
>> Regardless of what flags I give, what NS records I change, the NS
>> never actually set.  I know it's something silly that I'm overlooking
>> but would really love other eyes.
>>
>> I go to create the zone on server2.
>> [root at server2 html]# ipa dnszone-add example.com
>>   Zone name: example.com.
>>   Active zone: TRUE
>>   Authoritative nameserver: server2.xyz.example.com.
>
> One important note: Field 'Authoritative nameserver' shows only the SOA MNAME
> value and is not related at all to NS records in the zone.
>
> Use
> $ ipa dnsrecord-show example.com. @
> to see NS records in zone apex.
>
>> Mar 09 18:03:51 server1.xyz.example.com named-pkcs11[23279]: zone
>> example.com/IN: NS 'server2.xyz.example.com' has no address records (A
>> or AAAA)
>> Mar 09 18:03:51 server1.xyz.example.com named-pkcs11[23279]: zone
>> example.com/IN: NS 'server1.xyz.example.com' has no address records (A
>> or AAAA)
>> Mar 09 18:03:51 server1.xyz.example.com named-pkcs11[23279]: zone
>> example.com/IN: not loaded due to errors.
>> Mar 09 18:03:51 server1.xyz.example.com named-pkcs11[23279]:
>> update_zone (syncrepl) failed for
>> 'idnsname=example.com.,cn=dns,dc=xyz,dc=example,dc=com'. Zones can be
>> outdated, run `rndc reload`: bad zone
>
> At this point we need to know more information:
>
> a) You have to add glue records for names listed in example.com NS records. It
> is not obvious if you did that or not:
> $ ipa dnsrecord-add example.com server1.xyz --a-rec=192.0.2.1
> $ ipa dnsrecord-add example.com server2.xyz --a-rec=192.0.2.2
>
> b) If xyz.example.com is a sub-zone you have to add NS records/delegation for
> it (even if it is hosted on the same server!):
> $  ipa dnsrecord-add example.com xyz --ns-rec=server1.xyz.example.com.
> $  ipa dnsrecord-add example.com xyz --ns-rec=server2.xyz.example.com.
>
> Do not forget to change names in NS records if the sub-zone is hosted on
> different servers.
>
> I hope this helps. Have a nice day!
>
> --
> Petr^2 Spacek
>



-- 


Matt Wells
Chief Systems Architect
RHCVA, RHCA #110-000-353
(702) 808-0424
matt.wells at mosaic451.com
 Las Vegas | Phoenix | Portland Mosaic451.com
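The two conditions Petr lists (glue A/AAAA records for every in-zone NS target, and NS records at the delegation point of a sub-zone hosted on the same servers) can be checked offline before named refuses to load the zone. The following is an added example, not code from the thread or from FreeIPA; the record list is a constructed sample of what `ipa dnsrecord-find` might report, and the `<ADDRESS>` / `<NS_NAME>` values in the suggested commands are placeholders.

```python
# Added example (not from the thread): checks the two conditions Petr lists,
# that every in-zone NS target has glue A/AAAA and that a sub-zone has NS
# records at its cut point. Records are a constructed sample, not real output.
ZONE = "example.com."

# (owner relative to the zone, type, value); glue for server2.xyz is
# deliberately absent so the check reproduces the named log line.
RECORDS = [
    ("@", "NS", "server1.xyz.example.com."),
    ("@", "NS", "server2.xyz.example.com."),
    ("server1.xyz", "A", "192.0.2.1"),
    ("xyz", "NS", "server1.xyz.example.com."),
]

def fqdn(owner, zone=ZONE):
    """Turn a zone-relative owner ('@' for the apex) into an absolute name."""
    return zone if owner == "@" else f"{owner}.{zone}"

def missing_glue(records, zone=ZONE):
    """In-zone NS targets with no A/AAAA record, worded like named's log."""
    addr_owners = {fqdn(o, zone) for o, t, _ in records if t in ("A", "AAAA")}
    problems = []
    for _, rtype, target in records:
        if rtype != "NS" or not target.endswith("." + zone):
            continue  # an NS pointing outside the zone needs no glue here
        if target not in addr_owners:
            problems.append(f"NS '{target}' has no address records (A or AAAA)")
    return problems

def missing_delegations(records, subzones):
    """Sub-zones (relative names) that have no NS record at the cut point."""
    delegated = {o for o, t, _ in records if t == "NS" and o != "@"}
    return [s for s in subzones if s not in delegated]

def suggested_commands(records, subzones, zone=ZONE):
    """ipa commands that would add what is missing; values are placeholders."""
    cmds = []
    for msg in missing_glue(records, zone):
        target = msg.split("'")[1]
        relative = target[: -len("." + zone)]
        cmds.append(f"ipa dnsrecord-add {zone} {relative} --a-rec=<ADDRESS>")
    for sub in missing_delegations(records, subzones):
        cmds.append(f"ipa dnsrecord-add {zone} {sub} --ns-rec=<NS_NAME>")
    return cmds
```

Run `missing_glue(RECORDS)` and `suggested_commands(RECORDS, ["xyz"])` against the sample to see the same "has no address records" complaint named logged and the `dnsrecord-add` call that would fix it.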