[Freeipa-users] FreeIPA 4.2.0 / CentOS 7.2 / DNS Strangeness (Sub-domains)

Devin delldudedevin at gmail.com
Wed Jan 6 05:42:56 UTC 2016


I am noticing a very strange issue with FreeIPA. I installed FreeIPA on a
fresh Virtual Machine called (idm.servers.lnx.ninja) and registered the
Kerberos domain as LNX.NINJA. Everything installs just fine without any
issues, and even when I log into FreeIPA and go to the DNS Manager I see
that it created a few zones as I would have expected (i.e.: Reverse zone for
10.10.10.x, lnx.ninja zone, and servers.lnx.ninja zone). What I notice is
that if I try to do a DNS query for any record on the (lnx.ninja) zone it
fails even though there are records there, and if I query any records
inside the servers.lnx.ninja zone they work just fine. What I can't
understand is why my DNS queries are dying on the (lnx.ninja) zone.

So for my test I created 2 (A) records, one inside (lnx.ninja) and one
inside (servers.lnx.ninja). What would cause any DNS queries to lnx.ninja
to not succeed? I have duplicated this issue multiple times with several
other VMs using different domains and they have the same issue. Any
advice is appreciated!

[root@idm ~]# dig @localhost blah.lnx.ninja

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.1 <<>> @localhost blah.lnx.ninja
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 50913
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;blah.lnx.ninja. IN A

;; Query time: 1 msec
;; SERVER: ::1#53(::1)
;; WHEN: Wed Jan 06 05:30:15 UTC 2016
;; MSG SIZE  rcvd: 43

[root@idm ~]# dig @localhost blah.servers.lnx.ninja

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.1 <<>> @localhost blah.servers.lnx.ninja
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64481
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;blah.servers.lnx.ninja. IN A

;; ANSWER SECTION:
blah.servers.lnx.ninja. 86400 IN A 10.10.10.1

;; AUTHORITY SECTION:
servers.lnx.ninja. 86400 IN NS idm.servers.lnx.ninja.

;; ADDITIONAL SECTION:
idm.servers.lnx.ninja. 1200 IN A 10.10.10.10

;; Query time: 0 msec
;; SERVER: ::1#53(::1)
;; WHEN: Wed Jan 06 05:30:32 UTC 2016
;; MSG SIZE  rcvd: 101

Thanks Much.

Devin