[Freeipa-users] CentOS 7 & FreeIPA 4.2: DNS resolution at the top-level domain/zone

Petr Spacek pspacek at redhat.com
Tue Jun 21 10:04:06 UTC 2016


On 21.6.2016 11:23, Dan.Finkelstein at high5games.com wrote:
> We've recently set up a "clean" install of FreeIPA replete with replicas, but we just noticed an odd behavior in the DNS service: hosts in the top level domain (like ipa.example.com) do not resolve, whereas hosts in subdomains (like ipa.dev.example.com) do. I'm not sure what to look for in the various log files but I don't see any obvious errors. I thought perhaps this might have some guidance https://www.redhat.com/archives/freeipa-users/2015-July/msg00102.html, and maybe it does, but I'm not sure how to rescue my top-level domain names.

Hi,

we can certainly debug this, but first of all, please clarify what 'top-level'
means.

If you really want help, please do not obfuscate any DNS names. It often hides
real problems while not improving security in any way. (BTW you do not need to
hide domain names like 'NY5-EXMB1.High5.local' because these already leaked
through e-mail headers :-)

So, here are the important questions:
0) What name is unresolvable?
$ dig the.problematic.name.example.

1) What is the expected result from "dig"?

2) What DNS zones are configured in IPA?
$ ipa dnszone-find

3) Do you use DNS forwarding? (--forwarders option during IPA install or
commands ipa dnsforwardzone-*, ipa dnsconfig-mod etc.)

-- 
Petr^2 Spacek



