[Freeipa-users] DNSSEC A, AAAA Records

Günther J. Niederwimmer gjn at gjn.priv.at
Fri Jun 10 15:33:30 UTC 2016 

Am Freitag, 10. Juni 2016, 15:26:39 CEST schrieb Petr Spacek:
> On 10.6.2016 14:21, Günther J. Niederwimmer wrote:
> > Hello,
> > 
> > Am Freitag, 10. Juni 2016, 10:12:50 CEST schrieb Martin Basti:
> >> On 10.06.2016 09:09, Günther J. Niederwimmer wrote:
> >>> Hello,
> >>> 
> >>> can any help me to clear a question for DNSSEC, NSEC3
> >>> 
> >>> I have a domain created with bind and DNSSEC and NSEC3 I test this
> >>> Domain
> >>> and other, not my Domain with
> >>> 
> >>> http://dnsviz.net/d/esslmaier.at/dnssec/
> >>> 
> >>> This site from Verisign tell me, I have all Secure and also the A, AAAA
> >>> Records
> >>> 
> >>> FreeIPA 4.3.1 Centos 7.2
> > 
> > I mean with the FreeIPA 4.2 I have A or AAAA Records but one from the list
> > tell me 4.3.1 is the better version for DNSSEC ?
> > 
> >>> But when I test my IPA created domain
> >>> http://dnsviz.net/d/4gjn.com/dnssec/
> >>> 
> >>> I miss the A, AAAA Records
> >>> 
> >>> can this be correct ?
> >>> 
> >>> Thanks for a answer
> >> 
> >> Hello,
> >> do you have configured A and AAAA records in zone apex of '4gjn.com'?
> > 
> > Yes I have configured A AAAA Records, but something is wrong with the Zone
> > File ? when I look on my secondary DNS this is a PDNS then I found total
> > different entry for esslmaier.at and my 4gjn.com.
> > 
> >> I can `dig +dnssec ipa.4gjn.com. A`  with DNSSEC results but for `dig
> >> +dnssec 4gjn.com. A` , it looks like there is no A/AAAA records.
> > 
> > Yes I wrote this before but I have no answer, what I can do :-(.
> > 
> >> Can you provide output of the `ipa dnsrecord-show 4gjn.com. @` ?
> > 
> > this is all !!!
> > 
> > [root at ipa ~]# ipa dnsrecord-show 4gjn.com. @
> > 
> >   Datensatzname: @
> >   MX record: 10 smtp.4gjn.com.
> >   NS record: dns.esslmaier.at., ipa.4gjn.com., ns1.ns71.net.,
> > 
> > ns1.gratisdns.dk.
> > 
> >   TXT record: "v=spf1 mx ip4:89.26.108.213 ip4:89.26.108.0/28 
ip6:2001:470:6f:
> > 8f1::223
> > 
> >               ip6:2001:470:6f:8f1::/64 ?include:gjn.priv.at -all"
> >  
> >  ipa dnsrecord-show 4gjn.com. AAAA
> > 
> > ipa: ERROR: AAAA: DNS resource record nicht gefunden
> > 
> > Is this a LDAP Problem ?
> 
> Apparently you do not have any A/AAAA records defined in IPA. Add some and
> you will see :-)

NO ;-(  I have configurede all my server with A and AAAA Records ?
 
> Speaking of IPA versions, yes, latest IPA 4.3.2 is the best you can get for
> DNSSEC. There is many bugs in older versions.
I have IPA 4.3.1, I mean you tell me this with the Bugs, but I can't found 
4.3.2

I have this Repo

group_freeipa-freeipa-4-3-centos-7-epel-7.repo
-- 
mit freundlichen Grüßen / best regards,

  Günther J. Niederwimmer

More information about the Freeipa-users mailing list