[Freeipa-users] DNS operation timed out when installing IPA with forwarders

Martin Basti mbasti at redhat.com
Fri Feb 19 14:09:23 UTC 2016



On 19.02.2016 14:57, Geselle Stijn wrote:
> That seems to fail:
>
> [root at ipa ~]# dig @192.168.1.1 . SOA
>
> ; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.2 <<>> @192.168.1.1 . SOA
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 44900
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4000
> ;; QUESTION SECTION:
> ;.                              IN      SOA
>
> ;; Query time: 11153 msec
> ;; SERVER: 192.168.1.1#53(192.168.1.1)
> ;; WHEN: Fri Feb 19 14:42:51 CET 2016
> ;; MSG SIZE  rcvd: 28
>
>
> But if I add a new record (e.g. CNAME) to DNS in Windows Server and try to ping to that CNAME, I get resolved correctly.
>
> -Stijn
Hello,

Global forwarders, specified by the --forwarder option during installation 
or added via ipa dnsconfig-mod, must be able to resolve the root zone (your 
forwarder/server 192.168.1.1 is not able to return a result for the root zone).

You probably need to specify a forwardzone for the particular Windows 
domain you use, instead of specifying it as a global forwarder.

ipa dnsforwardzone-add <your.windows.zone.> --forwarder 192.168.1.1

Martin
>
> -----Original Message-----
> From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Petr Spacek
> Sent: Friday 19 February 2016 13:59
> To: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] DNS operation timed out when installing IPA with forwarders
>
> On 19.2.2016 13:50, Geselle Stijn wrote:
>> Hello fellow FreeIPA users,
>>
>> I'm trying to set up FreeIPA in a lab environment (VirtualBox):
>>
>>
>> - ad.example.com (Windows Server 2008 R2) - 192.168.1.1
>> - ipa.example.com (CentOS 7.2) - 192.168.1.2
>>
>> Both machines can ping each other, DNS resolving works:
>>
>> [root at ipa ~] nslookup ad
>> Server:         192.168.1.1
>> Address:     192.168.1.1#53
>>
>> Name:     ad.example.com
>> Address: 192.168.1.1
>>
>>
>> I executed:
>>
>> yum install -y "*ipa-server*" bind bind-dyndb-ldap
>> ipa-server-install --domain=example.com --realm=EXAMPLE.COM --setup-dns --forwarder=192.168.1.1
>>
>> But the installation wizard fails at:
>>
>> Checking DNS forwarders, please wait ...
>> ipa            : ERROR   DNS server 192.168.1.1: query '. SOA': The DNS operation timed out after 10.00124242 seconds
>> ipa.ipapython.install.cli.install_tool(Server): ERROR     DNS server 192.168.1.1: query '. SOA': The DNS operation timed out after 10.00124242 seconds
>>
>>
>> Is there some way I can better troubleshoot this? Can I increase the DNS timeout (maybe it's simply slow via VirtualBox).
> Please try command
> $ dig @192.168.1.1 . SOA
> and paste the output here.
>
> Also, please run the installer again with option --debug.
>
> I will have a look.
>
> Thank you.
>
> --
> Petr^2 Spacek
>
>
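The forwarder check discussed in this thread can be reproduced before running the installer. The script below is an added example, not part of any message in the thread or of FreeIPA itself: it classifies a server's reply to the `. SOA` query, and the function names, verdict labels and the 10-second dig timeout are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): pre-check a candidate forwarder with
# the same ". SOA" query that failed in the installer's forwarder check.

# Reads `dig @server . SOA` output on stdin and prints one verdict:
#   global-ok    NOERROR with an answer: can resolve the root zone
#   not-global   replied, but no root SOA (e.g. SERVFAIL as in this thread)
#   unreachable  no reply at all
classify_root_soa() {
    local out status answers
    out=$(cat)
    status=$(printf '%s\n' "$out" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1)
    answers=$(printf '%s\n' "$out" | sed -n 's/.*ANSWER: \([0-9]*\),.*/\1/p' | head -n 1)
    if [ -z "$status" ]; then
        echo unreachable
    elif [ "$status" = NOERROR ] && [ "${answers:-0}" -gt 0 ]; then
        echo global-ok
    else
        echo not-global
    fi
}

# Live check; needs dig. One try, 10 s timeout (assumed, to match the ~10 s in the error).
check_forwarder() {
    dig +time=10 +tries=1 @"$1" . SOA 2>&1 | classify_root_soa
}

# Constructed sample inputs so the classifier can be exercised offline.
sample_servfail() {
    printf '%s\n' ';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 44900' \
                  ';; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'
}
sample_noerror() {
    printf '%s\n' ';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1' \
                  ';; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'
}
sample_timeout() {
    printf '%s\n' ';; connection timed out; no servers could be reached'
}

for s in sample_servfail sample_noerror sample_timeout; do
    printf '%-16s -> %s\n' "$s" "$($s | classify_root_soa)"
done
```

A `not-global` verdict from `check_forwarder 192.168.1.1` is the situation in which the reply above suggests `ipa dnsforwardzone-add` instead of a global forwarder.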



