[Freeipa-users] IPA's own ptr record - unresolvable ?
lejeczek
peljasz at yahoo.co.uk
Fri Jun 3 08:29:10 UTC 2016
On 03/06/16 08:06, Petr Spacek wrote:
> On 2.6.2016 18:30, lejeczek wrote:
>> hi users,
>>
>> I do (all on IPA server)
>>
>> $ host 10.5.6.100
>> Host 100.6.5.10.in-addr.arpa. not found: 3(NXDOMAIN)
>>
>> I do:
>>
>> $ host 10.5.6.17
>> 17.6.5.10.in-addr.arpa domain name pointer ......
>>
>> I do:
>>
>> $ ipa dnsrecord-find 5.10.in-addr.arpa
>> Record name: @
>> NS record: rider.private.dom., swir.private.dom.,
>> work5.private.dom.
>>
>> Record name: 19.10
>> PTR record: work1.private.dom.
>>
>> Record name: 23.10
>> PTR record: work5.private.dom.
>>
>> Record name: 100.6
>> PTR record: rider.private.dom.
>>
>> Record name: 17.6
>> PTR record: dzien.private.dom.
>>
>> Record name: 32.6
>> PTR record: swir.private.dom.
>> ----------------------------
>> Number of entries returned 6
>>
>>
>> dig also finds these records.
>>
>> this is probably why replica fails with:
>>
>> ipa.ipapython.install.cli.install_tool(Replica): ERROR Unable to resolve
>> the IP address 10.5.6.100 to a host name, check /etc/hosts and DNS name
>> resolution
>>
>> must be something trivial?
> Likely :-) It could have multiple reasons.
> E.g. DNS delegation from parent domain could be broken which could cause this etc.
>
> Please try commands
> $ dig -x <IP address> PTR
>
> and
>
> $ dig -x <IP address> SOA
>
> and post their output, preferably without redacting it because the attempt to
> hide real names often hides the root cause. I will have a look.
>
hi Petr
I have to redact, but I do it programmatically.
I think it happened after addition of second (last) replica,
I initially installed server with 5.10.in-addr.arpa.
Now I do:
$ ipa dnszone-find
Zone name: 5.10.in-addr.arpa.
Active zone: TRUE
Authoritative nameserver: rider.private.dom.
Administrator e-mail address: hostmaster.private.dom.
SOA serial: 1464884896
SOA refresh: 3600
SOA retry: 900
SOA expire: 1209600
SOA minimum: 3600
Allow query: any;
Allow transfer: none;
Zone name: 10.5.10.in-addr.arpa.
Active zone: TRUE
Authoritative nameserver: work5.private.dom.
Administrator e-mail address: hostmaster.private.dom.
SOA serial: 1464489313
SOA refresh: 3600
SOA retry: 900
SOA expire: 1209600
SOA minimum: 3600
Allow query: any;
Allow transfer: none;
Zone name: 6.5.10.in-addr.arpa.
Active zone: TRUE
Authoritative nameserver: swir.private.dom.
Administrator e-mail address: hostmaster.private.dom.
SOA serial: 1464880660
SOA refresh: 3600
SOA retry: 900
SOA expire: 1209600
SOA minimum: 3600
Allow query: any;
Allow transfer: none;
Zone name: private.dom.
Active zone: TRUE
Authoritative nameserver: rider.private.dom.
Administrator e-mail address: hostmaster.private.dom.
SOA serial: 1464884764
SOA refresh: 3600
SOA retry: 900
SOA expire: 1209600
SOA minimum: 3600
Allow query: any;
Allow transfer: none;
----------------------------
Number of entries returned 4
----------------------------
and I dug "any" type of record and misread it, there is no
ptr record returned, I could not get how delegation can be
involved here.
It's IPA (rider is the first server) own 5.10.in-addr.arpa.
And rider sees 10.5.6.32 10.5.6.17 etc. but not its own
record, which according to:
$ ipa dnsrecord-find 5.10.in-addr.arpa
exists:
Record name: 100.6
PTR record: rider.private.dom.
$ dig -x 10.5.6.100 +qr soa
;; QUESTION SECTION:
;100.6.5.10.in-addr.arpa. IN SOA
;; AUTHORITY SECTION:
6.5.10.in-addr.arpa. 0 IN SOA rider.private.dom.
hostmaster.private.dom. 1464880660 3600 900 1209600 3600
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
$ dig -x 10.5.6.100 +qr ptr
;; QUESTION SECTION:
;100.6.5.10.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
6.5.10.in-addr.arpa. 3600 IN SOA rider.private.dom.
hostmaster.private.dom. 1464880660 3600 900 1209600 3600
;; Query time: 1 msec
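
Added example, not part of the original thread: a Python check that applies standard closest-enclosing-zone selection to the zone list and the 5.10.in-addr.arpa records quoted in the post, showing which zone answers for each PTR name. The function names are hypothetical and the data is copied from the command output above.

```python
import ipaddress

# Zone names copied from the `ipa dnszone-find` output in the post.
ZONES = [
    "5.10.in-addr.arpa.",
    "10.5.10.in-addr.arpa.",
    "6.5.10.in-addr.arpa.",
    "private.dom.",
]

# Records copied from `ipa dnsrecord-find 5.10.in-addr.arpa` in the post.
PARENT_ZONE = "5.10.in-addr.arpa."
PARENT_RECORDS = {
    "19.10": "work1.private.dom.",
    "23.10": "work5.private.dom.",
    "100.6": "rider.private.dom.",
    "17.6": "dzien.private.dom.",
    "32.6": "swir.private.dom.",
}


def reverse_name(ip):
    """Return the fully qualified in-addr.arpa name for an IPv4 address."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def closest_zone(fqdn, zones):
    """Pick the most specific zone enclosing fqdn (longest label-suffix match)."""
    name = fqdn.lower()
    matches = [z for z in zones
               if name == z.lower() or name.endswith("." + z.lower())]
    return max(matches, key=lambda z: z.count("."), default=None)


def occluded_records(zone, records, zones):
    """Map each record stored in `zone` to the more specific zone that answers instead."""
    hidden = {}
    for rel in records:
        serving = closest_zone(rel + "." + zone, zones)
        if serving != zone:
            hidden[rel] = serving
    return hidden


if __name__ == "__main__":
    qname = reverse_name("10.5.6.100")
    print(qname, "is answered from", closest_zone(qname, ZONES))
    for rel, serving in occluded_records(PARENT_ZONE, PARENT_RECORDS, ZONES).items():
        print(rel, "in", PARENT_ZONE, "is occluded by", serving)
```

A record reported as occluded is never served from the parent zone; the name resolves only if the more specific zone holds its own PTR record for it.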