[Freeipa-users] Error with DNS forwarding on replica.
Petr Spacek
pspacek at redhat.com
Mon Jun 13 05:50:22 UTC 2016
On 12.6.2016 20:47, Nuno Higgs wrote:
> Hello all,
>
>
>
> I have a IPA server - IPA 4.2 - and i have added a new IPA to geographic
> replication.
>
>
>
> I have added it as stated in the documentation here:
> <https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/ht
> ml/Linux_Domain_Identity_Authentication_and_Policy_Guide/creating-the-replic
> a.html#replica-install-with-dns>
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/htm
> l/Linux_Domain_Identity_Authentication_and_Policy_Guide/creating-the-replica
> .html#replica-install-with-dns
>
>
>
> All was replicated correctly, and i can do a kinit user at DOMAIN with success
> within the replica.
>
> However there is a problem with the DNS sections:
>
>
>
> Although it DNS is ok, my configuration within IPA on the first server
> regarding DNS zones that are set on forward only are not.
>
> In my first server, i can do a forward of domain - let's say
> <http://domain.eu> domain.eu. On the second server (replica) the forward is
> shown configured correctly within the webgui but it does not work, giving a
> NX error on query <http://www.domain.eu> www.domain.eu (the A Record exists
> and is shown on the first server). It also shows on dig on the replica (dig
> @x.x.x.x www.domain.eu), so it isn't a network permissions issue.
>
>
>
> I have deleted the zone on the master (and replica), and recreated it. On
> the first server, it worked fine. On the replica the problem persisted.
>
>
>
> Am I missing anything? Is there a undocumented trick, or have i missed
> something?
Hello,
it could be either a DNS configuration problem or a LDAP replication problem.
Please show us output from command:
$ ipa dnsforwardzone-show domain.eu
from all IPA servers you have.
The output should be the same. If it is not the same then you are most likely
facing an replication problem, please see
http://www.freeipa.org/page/Troubleshooting#Replication_issues
--
Petr^2 Spacek
More information about the Freeipa-users
mailing list