[Freeipa-users] FreeIPA 4.2.0 / CentOS 7.2 / DNS Strangeness (Sub-domains)

Petr Spacek pspacek at redhat.com
Wed Jan 6 07:25:03 UTC 2016


On 6.1.2016 06:42, Devin wrote:
> I am noticing a very strange issue with FreeIPA. I installed FreeIPA on a
> fresh Virtual Machine called (idm.servers.lnx.ninja) and registered the
> Kerberos domain as LNX.NINJA. Everything installs just fine without any
> issues, and even when I log into FreeIPA and go to the DNS Manager I see
> that it created a few zones as I would have expected (i.e. Reverse zone for
> 10.10.10.x, lnx.ninja zone, and servers.lnx.ninja zone). What I notice is
> that if I try to do a DNS query for any record on the (lnx.ninja) zone it
> fails even though there are records there, and if I query any records
> inside the servers.lnx.ninja zone they work just fine. What I can't
> understand is why are my DNS queries dying on the (lnx.ninja) zone.
> 
> So for my test I created 2 (A) records one inside (lnx.ninja) and one
> inside (servers.lnx.ninja). What would cause any DNS queries to lnx.ninja
> to not succeed? I have duplicated this issue multiple times with several
> other VMs using different domains and they have the same issue. Any
> advice is appreciated!
> 
> [root@idm ~]# dig @localhost blah.lnx.ninja
> 
> ; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.1 <<>> @localhost blah.lnx.ninja
> ; (2 servers found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 50913
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;blah.lnx.ninja. IN A
> 
> ;; Query time: 1 msec
> ;; SERVER: ::1#53(::1)
> ;; WHEN: Wed Jan 06 05:30:15 UTC 2016
> ;; MSG SIZE  rcvd: 43
> 
> [root@idm ~]# dig @localhost blah.servers.lnx.ninja
> 
> ; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.1 <<>> @localhost blah.servers.lnx.ninja
> ; (2 servers found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64481
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;blah.servers.lnx.ninja. IN A
> 
> ;; ANSWER SECTION:
> blah.servers.lnx.ninja. 86400 IN A 10.10.10.1
> 
> ;; AUTHORITY SECTION:
> servers.lnx.ninja. 86400 IN NS idm.servers.lnx.ninja.
> 
> ;; ADDITIONAL SECTION:
> idm.servers.lnx.ninja. 1200 IN A 10.10.10.10
> 
> ;; Query time: 0 msec
> ;; SERVER: ::1#53(::1)
> ;; WHEN: Wed Jan 06 05:30:32 UTC 2016
> ;; MSG SIZE  rcvd: 101


Hello,

this is strange, but I do not have sufficient information right now.

Please add the following information:
# list all configured DNS master zones
$ ipa dnszone-find

# list all DNS forward zones
$ ipa dnsforwardzone-find

# tell us exact RPM versions
$ rpm -q bind bind-dyndb-ldap ipa-server

Thank you.

-- 
Petr^2 Spacek



