[Freeipa-users] DNSSEC A, AAAA Records

Martin Basti mbasti at redhat.com
Fri Jun 10 16:01:32 UTC 2016



On 10.06.2016 17:33, Günther J. Niederwimmer wrote:
> On Friday, 10 June 2016, 15:26:39 CEST, Petr Spacek wrote:
>> On 10.6.2016 14:21, Günther J. Niederwimmer wrote:
>>> Hello,
>>>
>>> On Friday, 10 June 2016, 10:12:50 CEST, Martin Basti wrote:
>>>> On 10.06.2016 09:09, Günther J. Niederwimmer wrote:
>>>>> Hello,
>>>>>
>>>>> can anyone help me clear up a question about DNSSEC, NSEC3?
>>>>>
>>>>> I have a domain created with BIND, with DNSSEC and NSEC3. I test this
>>>>> domain, and other domains that are not mine, with
>>>>>
>>>>> http://dnsviz.net/d/esslmaier.at/dnssec/
>>>>>
>>>>> This site from Verisign tells me that I have everything secure, including
>>>>> the A and AAAA records
>>>>>
>>>>> FreeIPA 4.3.1 Centos 7.2
>>> I mean, with FreeIPA 4.2 I have A or AAAA records, but someone from the list
>>> told me 4.3.1 is the better version for DNSSEC?
>>>
>>>>> But when I test my IPA created domain
>>>>> http://dnsviz.net/d/4gjn.com/dnssec/
>>>>>
>>>>> I miss the A, AAAA Records
>>>>>
>>>>> can this be correct ?
>>>>>
>>>>> Thanks for an answer
>>>> Hello,
>>>> do you have configured A and AAAA records in zone apex of '4gjn.com'?
>>> Yes, I have configured A and AAAA records, but is something wrong with the zone
>>> file? When I look at my secondary DNS, which is a PDNS, I find totally
>>> different entries for esslmaier.at and my 4gjn.com.
>>>
>>>> I can `dig +dnssec ipa.4gjn.com. A`  with DNSSEC results but for `dig
>>>> +dnssec 4gjn.com. A` , it looks like there is no A/AAAA records.
>>> Yes I wrote this before but I have no answer, what I can do :-(.
>>>
>>>> Can you provide output of the `ipa dnsrecord-show 4gjn.com. @` ?
>>> this is all !!!
>>>
>>> [root@ipa ~]# ipa dnsrecord-show 4gjn.com. @
>>>
>>>    Datensatzname: @
>>>    MX record: 10 smtp.4gjn.com.
>>>    NS record: dns.esslmaier.at., ipa.4gjn.com., ns1.ns71.net., ns1.gratisdns.dk.
>>>    TXT record: "v=spf1 mx ip4:89.26.108.213 ip4:89.26.108.0/28 ip6:2001:470:6f:8f1::223 ip6:2001:470:6f:8f1::/64 ?include:gjn.priv.at -all"
>>>
>>>   ipa dnsrecord-show 4gjn.com. AAAA
>>>
>>> ipa: ERROR: AAAA: DNS resource record nicht gefunden
>>>
>>> Is this an LDAP problem?
>> Apparently you do not have any A/AAAA records defined in IPA. Add some and
>> you will see :-)
> NO ;-(  I have configured all my servers with A and AAAA records?

But your server name is not '4gjn.com', but 'ipa.4gjn.com'. The second 
one contains A/AAAA records.

4gjn.com AFAIK is your IPA domain, so it should not contain A/AAAA 
records by default, unless you manually added them there.

Martin
>   
>> Speaking of IPA versions, yes, latest IPA 4.3.2 is the best you can get for
>> DNSSEC. There are many bugs in older versions.
> I have IPA 4.3.1. I mean, you told me this about the bugs, but I can't find
> 4.3.2
>
> I have this Repo
>
> group_freeipa-freeipa-4-3-centos-7-epel-7.repo
