[Freeipa-users] DNS reverse zone is not managed by this server

Maciej Drobniuch md at collective-sense.com
Thu Dec 22 09:57:23 UTC 2016


Hi Martin

Appreciate your help!

On Thu, Dec 22, 2016 at 10:48 AM, Martin Basti <mbasti at redhat.com> wrote:

>
>
> On 22.12.2016 09:37, Maciej Drobniuch wrote:
>
> Hi Martin
>
> Thank you for the reply.
>
> 1. The dig is returning proper PTR record. I've added it manually to the
> zone and it's working.
>
>
> I was asking for SOA and zone name, IMO there is nothing secret about
> reverse zone name from private address space
>
> What does this command return on the server?
> python -c 'import netaddr; from dns import resolver; ip = netaddr.IPAddress("10.0.0.165"); revn = ip.reverse_dns; print revn; print resolver.zone_for_name(revn)'
>
>
# python -c 'import netaddr; from dns import resolver; ip = netaddr.IPAddress("10.0.0.165"); revn = ip.reverse_dns; print revn; print resolver.zone_for_name(revn)'
165.0.0.10.in-addr.arpa.
in-addr.arpa.


> 2. The problem exists while adding host entries or A records with "create
> reverse" option.
>
> That's why I asked to run dig, the code uses DNS system to determine zone.
>
> 3. If I bind a host with ipa-client-install, the PTR record gets created
> in the reverse zone and it works
>
> Ok
>
Manually creating the PTR record works fine as well.

>
>
> 4. The resolv.conf file has only the IPA server IP address/localhost added.
>
>
> Have you changed it recently?
>
Yes, it pointed to the outside 8.8.8.8, so the OS did not see the local reverse
zone.
Now it's pointing to localhost, and I can dig the PTRs. (I've manually
created the PTR.)

# dig -x 10.0.0.165

; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3 <<>> -x 10.0.0.165
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35592
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;165.0.0.10.in-addr.arpa. IN PTR

;; ANSWER SECTION:
165.0.0.10.in-addr.arpa. 1200 IN PTR prdfrmprb01.cs.int.

;; AUTHORITY SECTION:
1.0.10.in-addr.arpa. 86400 IN NS freeipa1.cs.int.

;; ADDITIONAL SECTION:
freeipa1.cs.int. 1200 IN A 10.0.0.200

;; Query time: 3 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: czw gru 22 04:51:23 EST 2016
;; MSG SIZE  rcvd: 124

>
>
> Martin
>
>
>
> Cheers!
> M.
>
> On Wed, Dec 21, 2016 at 5:43 PM, Martin Basti <mbasti at redhat.com> wrote:
>
>> Hello all :)
>>
>> On 20.12.2016 01:33, Maciej Drobniuch wrote:
>>
>> Hi All!
>>
>> I get the following message while adding a new hostname.
>>
>> "The host was added but the DNS update failed with: DNS reverse zone
>> in-addr.arpa. for IP address 10.0.0.165 is not managed by this server"
>>
>>
>> IPA failed to get the correct reverse zone. Can you try dig -x 10.0.0.165?
>> What will be in the SOA answer?
>>
>> What is the name of reverse zone you have on IPA DNS server?
>>
>>
>> Martin
>>
>>
>> The reverse zone is configured and working.
>> When I am manually adding the PTR record to the reverse zone - all OK
>>
>> While adding a new host,  the A record is being created but the PTR fails
>> with the message above.
>>
>> Reinstalling CentOS+IPA worked once but I had to reinstall again because
>> of problems with Kerberos (probably dependencies).
>>
>> Not sure what is the root cause of the issue.
>>
>> VERSION: 4.4.0, API_VERSION: 2.213
>>
>> CENTOS7 Linux freeipa1 3.10.0-229.el7.x86_64 #1 SMP Fri Mar 6 11:36:42
>> UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
>>
>> Any help appreciated!
>> --
>> Best regards
>>
>> Maciej Drobniuch
>> Network Security Engineer
>> Collective-sense LLC
>>
>>
>>
>>
>
>
> --
> Best regards
>
> Maciej Drobniuch
> Network Security Engineer
> Collective-sense LLC
>
>
>


-- 
Best regards

Maciej Drobniuch
Network Security Engineer
2410 Camino Ramon, Suite 129
San Ramon, CA 94583
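
The zone lookup discussed in this thread, sketched as an added example (not code from the thread and not FreeIPA's own): it models the closest-SOA walk that `resolver.zone_for_name` performs and shows how a resolver view without the local reverse zone yields the `in-addr.arpa.` name seen in the error. The resolver views, the zone name `0.0.10.in-addr.arpa.` and the function names are constructed assumptions; the error string is modelled on the message quoted above.

```python
import ipaddress

# Constructed resolver views: the names that answer an SOA query in each view.
# The local zone name is an assumption for illustration, not taken from the thread.
VIEW_WITHOUT_LOCAL_ZONE = {"in-addr.arpa.", "arpa.", "."}
VIEW_WITH_LOCAL_ZONE = VIEW_WITHOUT_LOCAL_ZONE | {"0.0.10.in-addr.arpa."}
MANAGED_ZONES = {"0.0.10.in-addr.arpa."}  # zones hosted on the hypothetical server


def reverse_name(ip):
    """Return the absolute PTR owner name for an IPv4 or IPv6 address."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def zone_for_name(name, soa_owners):
    """Walk up from name, one label at a time, to the closest SOA owner."""
    labels = name.rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:]) + "."
        if candidate in soa_owners:
            return candidate
    return "."  # the root zone always has an SOA


def check_reverse_zone(ip, soa_owners, managed=MANAGED_ZONES):
    """Return (zone, error); error is None when the server manages the zone."""
    zone = zone_for_name(reverse_name(ip), soa_owners)
    if zone in managed:
        return zone, None
    return zone, ("DNS reverse zone %s for IP address %s is not managed "
                  "by this server" % (zone, ip))


if __name__ == "__main__":
    for label, view in (("without local zone", VIEW_WITHOUT_LOCAL_ZONE),
                        ("with local zone", VIEW_WITH_LOCAL_ZONE)):
        print(label, "->", check_reverse_zone("10.0.0.165", view))
```
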