[Freeipa-users] Error with DNS forwarding on replica.

Nuno Higgs ipa at border.nuneshiggs.com
Mon Jun 13 09:14:17 UTC 2016


Hello again,

[root at ipa01 ~]# kinit user
Password for user at DOMAIN.LOCAL:
[root at ipa01 ~]# ipa dnsforwardzone-show domain.eu
  Zone name: domain.eu.
  Active zone: TRUE
  Zone forwarders: 194.65.3.20 195.65.3.21
  Forward policy: only
[root at ipa01 ~]#


[root at ipa02 ~]# ipa dnsforwardzone-show domain.eu
  Zone name: domain.eu.
  Active zone: TRUE
  Zone forwarders: 194.65.3.20 195.65.3.21
  Forward policy: only
[root at ipa02 ~]#

On both servers the return is the same.
I haven't touched the DNS config besides deleting the zone and recreating
it.

I am at a loss. What can be the issue here?

Thanks,
Nuno


-----Original Message-----
From: freeipa-users-bounces at redhat.com
[mailto:freeipa-users-bounces at redhat.com] On Behalf Of Petr Spacek
Sent: Monday, 13 June 2016 06:50
To: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] Error with DNS forwarding on replica.

On 12.6.2016 20:47, Nuno Higgs wrote:
> Hello all,
>
> I have an IPA server - IPA 4.2 - and I have added a new IPA to
> geographic replication.
>
> I have added it as stated in the documentation here:
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/creating-the-replica.html#replica-install-with-dns
>
> All was replicated correctly, and I can do a kinit user at DOMAIN with
> success within the replica.
>
> However there is a problem with the DNS sections:
>
> Although DNS is ok, my configuration within IPA on the first server
> regarding DNS zones that are set on forward only is not.
>
> In my first server, I can do a forward of domain - let's say
> domain.eu. On the second server (replica) the forward is shown
> configured correctly within the webgui but it does not work, giving
> an NX error on query www.domain.eu (the A Record exists and is shown
> on the first server). It also shows on dig on the replica
> (dig @x.x.x.x www.domain.eu), so it isn't a network permissions issue.
>
> I have deleted the zone on the master (and replica), and recreated it.
> On the first server, it worked fine. On the replica the problem persisted.
>
> Am I missing anything? Is there an undocumented trick, or have I missed
> something?

Hello,

It could be either a DNS configuration problem or an LDAP replication
problem.

Please show us output from command:
$ ipa dnsforwardzone-show domain.eu
from all IPA servers you have.

The output should be the same. If it is not the same then you are most
likely facing a replication problem, please see
http://www.freeipa.org/page/Troubleshooting#Replication_issues

--
Petr^2 Spacek
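
The check Petr asks for above (the output of `ipa dnsforwardzone-show` should be the same on every IPA server), as an added example that is not part of the original thread: a Python helper that parses the command's output captured from each server and reports the fields that differ. The function names and the second sample (a replica returning stale data) are constructed for illustration.

```python
"""Compare `ipa dnsforwardzone-show` output captured from several IPA servers."""

# Output as posted in the thread (ipa01).
IPA01 = """\
  Zone name: domain.eu.
  Active zone: TRUE
  Zone forwarders: 194.65.3.20 195.65.3.21
  Forward policy: only
"""

# Constructed sample: what a replica that missed an update might return.
IPA02_STALE = """\
  Zone name: domain.eu.
  Active zone: TRUE
  Zone forwarders: 194.65.3.20
  Forward policy: first
"""


def parse_zone(text):
    """Turn 'Key: value' lines into a dict; forwarders become an order-free set."""
    zone = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(": ")
        if not sep:
            continue  # skip shell prompts, blank lines, anything not 'Key: value'
        if key == "Zone forwarders":
            # Order of forwarders is not a real difference, so compare as a set.
            value = frozenset(value.replace(",", " ").split())
        zone[key] = value
    return zone


def diff_servers(outputs):
    """outputs: {server: raw text}. Return {field: {server: value}} for mismatches."""
    parsed = {srv: parse_zone(txt) for srv, txt in outputs.items()}
    fields = sorted({k for z in parsed.values() for k in z})
    mismatches = {}
    for field in fields:
        values = {srv: z.get(field) for srv, z in parsed.items()}
        if len(set(values.values())) > 1:
            mismatches[field] = values
    return mismatches


if __name__ == "__main__":
    for field, values in diff_servers({"ipa01": IPA01, "ipa02": IPA02_STALE}).items():
        print(field, values)
```

For the two outputs posted in this thread, which are identical, `diff_servers` returns an empty dict; a non-empty result is the case Petr ties to replication.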
