[Freeipa-users] DNSSEC A, AAAA Records
Petr Spacek
pspacek at redhat.com
Fri Jun 10 13:26:39 UTC 2016
On 10.6.2016 14:21, Günther J. Niederwimmer wrote:
> Hello,
>
> On Friday, 10 June 2016, 10:12:50 CEST, Martin Basti wrote:
>> On 10.06.2016 09:09, Günther J. Niederwimmer wrote:
>>> Hello,
>>>
>>> Can anyone help me clear up a question about DNSSEC, NSEC3?
>>>
>>> I have a domain created with BIND, DNSSEC and NSEC3. I test this domain,
>>> and others that are not my domains, with
>>>
>>> http://dnsviz.net/d/esslmaier.at/dnssec/
>>>
>>> This site from Verisign tells me I have everything secure, and also the A, AAAA
>>> records
>>>
>>> FreeIPA 4.3.1 Centos 7.2
>
> I mean, with FreeIPA 4.2 I have A or AAAA records, but someone on the list
> tells me 4.3.1 is the better version for DNSSEC?
>
>>> But when I test my IPA created domain
>>> http://dnsviz.net/d/4gjn.com/dnssec/
>>>
>>> I am missing the A, AAAA records
>>>
>>> Can this be correct?
>>>
>>> Thanks for an answer
>>
>> Hello,
>> do you have A and AAAA records configured in the zone apex of '4gjn.com'?
>
> Yes, I have configured A and AAAA records, but is something wrong with the zone
> file? When I look at my secondary DNS (this is a PDNS), I find totally different
> entries for esslmaier.at and my 4gjn.com.
>
>
>> I can `dig +dnssec ipa.4gjn.com. A` with DNSSEC results but for `dig
>> +dnssec 4gjn.com. A` , it looks like there is no A/AAAA records.
> Yes, I wrote this before, but I have no answer as to what I can do :-(.
>
>> Can you provide output of the `ipa dnsrecord-show 4gjn.com. @` ?
>
> This is all!!!
>
> [root@ipa ~]# ipa dnsrecord-show 4gjn.com. @
> Datensatzname: @
> MX record: 10 smtp.4gjn.com.
> NS record: dns.esslmaier.at., ipa.4gjn.com., ns1.ns71.net.,
> ns1.gratisdns.dk.
> TXT record: "v=spf1 mx ip4:89.26.108.213 ip4:89.26.108.0/28 ip6:2001:470:6f:
> 8f1::223
> ip6:2001:470:6f:8f1::/64 ?include:gjn.priv.at -all"
>
> ipa dnsrecord-show 4gjn.com. AAAA
> ipa: ERROR: AAAA: DNS resource record nicht gefunden
>
> Is this an LDAP problem?
Apparently you do not have any A/AAAA records defined in IPA. Add some and you
will see :-)
Speaking of IPA versions, yes, the latest IPA 4.3.2 is the best you can get for
DNSSEC. There are many bugs in older versions.
--
Petr^2 Spacek
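
An added example, not part of the original messages: a small classifier for `dig +dnssec` output that separates "the name exists but has no record of this type" (a signed NODATA reply, which is a valid DNSSEC result) from NXDOMAIN and from a real answer. The function name `classify_dig` and both sample replies (for `example.test`) are constructed for illustration; the thread does not show the actual dig output for the apex, so a NOERROR reply with an empty answer section is assumed.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Sample replies are constructed (example.test).
# Real use, with the query from the thread:  dig +dnssec 4gjn.com. A | classify_dig
# If the apex shows NODATA, add the records in IPA, for example:
#   ipa dnsrecord-add <zone> @ --a-rec=<IPv4> --aaaa-rec=<IPv6>

# Reads `dig +dnssec` text on stdin and prints one of:
#   ANSWER, NODATA-SIGNED, NODATA-UNSIGNED, NXDOMAIN, OTHER
classify_dig() {
    awk '
        /->>HEADER<<-/ && match($0, /status: [A-Z]+/) {
            status = substr($0, RSTART + 8, RLENGTH - 8)
        }
        /^;; flags:/ && match($0, /ANSWER: [0-9]+/) {
            answers = substr($0, RSTART + 8, RLENGTH - 8) + 0
        }
        /^;; AUTHORITY SECTION:/ { in_auth = 1; next }
        /^$/ { in_auth = 0 }
        # An NSEC/NSEC3 record in the authority section is the denial-of-existence proof.
        in_auth && ($4 == "NSEC" || $4 == "NSEC3") { denial = 1 }
        END {
            if (status == "NXDOMAIN")      print "NXDOMAIN"
            else if (status != "NOERROR")  print "OTHER"
            else if (answers > 0)          print "ANSWER"
            else if (denial)               print "NODATA-SIGNED"
            else                           print "NODATA-UNSIGNED"
        }'
}

# Constructed reply: apex exists (SOA, NSEC3 present) but has no A record.
sample_apex_nodata() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1

;; AUTHORITY SECTION:
example.test.          3600 IN SOA   ns.example.test. admin.example.test. 1 3600 900 1209600 3600
example.test.          3600 IN RRSIG SOA 8 2 3600 (constructed)
abcd1234.example.test. 3600 IN NSEC3 1 0 10 ABCD (constructed)
abcd1234.example.test. 3600 IN RRSIG NSEC3 8 3 3600 (constructed)
EOF
}

# Constructed reply: a host name that does have a signed A record.
sample_host_answer() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
EOF
}

printf 'apex A: %s\n' "$(sample_apex_nodata | classify_dig)"
printf 'host A: %s\n' "$(sample_host_answer | classify_dig)"
```

A `NODATA-SIGNED` result for the apex means the zone is signing correctly and the record type is simply absent, which matches what `ipa dnsrecord-show 4gjn.com. @` reported in the thread.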