[Freeipa-users] RHEL 7.2/Oracle Linux 7.2 - DNS FORWARD ZONE doesn't work!

Alexandre Borges alex_sun at terra.com.br
Wed Feb 24 11:53:01 UTC 2016


Dear colleagues,

How are you?

I’ve been facing a horrible problem with RHEL 7.2 (and Oracle Linux 7.2)
when configuring IPA dnsforwardzone during the Active Directory integration.

My configuration follows:

IPA Server: 192.168.1.195 (rhel72-1.example.com)
Win2012 (AD): 192.168.1.229 (win2012.example.local)   -> different domains!!!

Last command executed:

[root@rhel72-1 ~]# ipa dnszone-find
  Zone name: 1.168.192.in-addr.arpa.
  Active zone: TRUE
  Authoritative nameserver: rhel72-1.example.com.
  Administrator e-mail address: hostmaster.example.com.
  SOA serial: 1456310858
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  Allow query: any;
  Allow transfer: none;

  Zone name: example.com.
  Active zone: TRUE
  Authoritative nameserver: rhel72-1.example.com.
  Administrator e-mail address: hostmaster.example.com.
  SOA serial: 1456310858
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  Allow query: any;
  Allow transfer: none;
  Allow in-line DNSSEC signing: FALSE
----------------------------
Number of entries returned 2
----------------------------

[root@rhel72-1 ~]# ipa dnsconfig-show
  Global forwarders: 8.8.8.8, 8.8.4.4

[root@rhel72-1 ~]# ipa dnsforwardzone-add example.local --forwarder=192.168.1.229 --forward-policy=only
Server will check DNS forwarder(s).
This may take some time, please wait ...
ipa: WARNING: DNSSEC validation failed: record 'example.local. SOA' failed DNSSEC validation on server 192.168.1.195.
Please verify your DNSSEC configuration or disable DNSSEC validation on all IPA servers.
  Zone name: example.local.
  Active zone: TRUE
  Zone forwarders: 192.168.1.229
  Forward policy: only

[root@rhel72-1 ~]# ipa dnsforwardzone-find
  Zone name: example.local.
  Active zone: TRUE
  Zone forwarders: 192.168.1.229
  Forward policy: only
----------------------------
Number of entries returned 1
----------------------------

[root@rhel72-1 ~]# ping win2012.example.local
ping: unknown host win2012.example.local

I’ve already rebooted the host, but it hasn’t worked.

The same problem is happening with Oracle Linux 7.2.

Could you help me, please?

I hope you have a nice day.

Alexandre Borges.

