[Freeipa-users] Multiple Reverse (PTR) Zone

Petr Spacek pspacek at redhat.com
Thu Oct 29 12:03:36 UTC 2015 

On 29.10.2015 11:33, Yogesh Sharma wrote:
> Hi,
> 
> We are working on to create another DC and extending our existing FreeIPA.
> 
> Our current environment has subnet as 172.16.32.0/16. In another DC we have
> 10.242.96.0/20.
> 
> On FreeIPA master I have created a PTR Zone with 242.10.in-addr.arpa. ,
> However, on registering the DC2 Client with FreeIPA Master it says
> "Hostname not found in DNS"

This message tells you that "hostname" (i.e. what you see in output of command
"hostname") does not have A/AAAA record in DNS. It has nothing to do with PTR
records.

Message "Failed to update DNS records." is usually caused by misconfigured DNS
zones.

Please see
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/SyncPTR
for advice how to configure DNS zones to accept dynamic updates.

I hope this helps.
Petr^2 Spacek

> Our Domain is same across DC, the only change is Subnet.
> 
> Forward Zone is working fine.
> 
> 
> Below are Regestration Logs:
> 
> [root at dr-ipadns-1002 ~]# ipa-client-install --mkhomedir --no-ntp
> Discovery was successful!
> Hostname: dr-ipadns-1002.klikpay.int
> Realm: KLIKPAY.INT
> DNS Domain: klikpay.int
> IPA Server: ipa-inf-prd-ng2-02.klikpay.int
> BaseDN: dc=klikpay,dc=int
> 
> Continue to configure the system with these values? [no]: yes
> User authorized to enroll computers: admin
> Synchronizing time with KDC...
> Password for admin at KLIKPAY.INT:
> Successfully retrieved CA cert
>     Subject:     CN=Certificate Authority,O=KLIKPAY.INT
>     Issuer:      CN=Certificate Authority,O=KLIKPAY.INT
>     Valid From:  Fri Aug 14 11:39:47 2015 UTC
>     Valid Until: Tue Aug 14 11:39:47 2035 UTC
> 
> Enrolled in IPA realm KLIKPAY.INT
> Attempting to get host TGT...
> Created /etc/ipa/default.conf
> New SSSD config will be created
> Configured sudoers in /etc/nsswitch.conf
> Configured /etc/sssd/sssd.conf
> Configured /etc/krb5.conf for IPA realm KLIKPAY.INT
> trying https://ipa-inf-prd-ng2-02.klikpay.int/ipa/xml
> Forwarding 'env' to server u'https://ipa-inf-prd-ng2-02.klikpay.int/ipa/xml'
> *Hostname (dr-ipadns-1002.klikpay.int <http://dr-ipadns-1002.klikpay.int>)
> not found in DNS*
> Failed to update DNS records.
> Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub
> Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
> Forwarding 'host_mod' to server u'
> https://ipa-inf-prd-ng2-02.klikpay.int/ipa/xml'
> SSSD enabled
> Configuring klikpay.int as NIS domain
> Configured /etc/openldap/ldap.conf
> Configured /etc/ssh/ssh_config
> Configured /etc/ssh/sshd_config
> Client configuration complete.
> 
> [root at dr-ipadns-1002 ~]# ip r
> 10.242.96.0/20 dev eth0  proto kernel  scope link  src 10.242.96.3
> 169.254.0.0/16 dev eth0  scope link  metric 1002
> default via 10.242.96.1 dev eth0
> [root at dr-ipadns-1002 ~]#
> 
> 
>>From IPA:
> 
> [root at ipa-inf-prd-ng2-01 ~]# ipa dnszone-show 242.10.in-addr.arpa
>   Zone name: 242.10.in-addr.arpa.
>   Active zone: TRUE
>   Authoritative nameserver: ipa-inf-prd-ng2-01.klikpay.int.
>   Administrator e-mail address: hostmaster
>   SOA serial: 1446111284
>   SOA refresh: 3600
>   SOA retry: 900
>   SOA expire: 1209600
>   SOA minimum: 3600
>   Allow query: any;
>   Allow transfer: none;
> [root at ipa-inf-prd-ng2-01 ~]#
> 
> 
> 
> Please suggest as what I am missing.


-- 
Petr^2 Spacek

More information about the Freeipa-users mailing list