[Freeipa-users] dnsforwardzone-add giving error

Petr Spacek pspacek at redhat.com
Mon May 2 06:55:01 UTC 2016


On 1.5.2016 14:32, Ben .T.George wrote:
> Hi,
> 
> After a reboot I tried the same command and I got the error below:
> 
> [root at global ~]# ipa dnsforwardzone-add kwttestdc.com.kw
> --forwarder=192.168.37.131 --forward-policy=only
> Server will check DNS forwarder(s).
> This may take some time, please wait ...
> ipa: ERROR: DNS check for domain kwttestdc.com.kw. failed: All nameservers
> failed to answer the query kwttestdc.com.kw. IN SOA: Server 127.0.0.1 UDP
> port 53 anwered The DNS operation timed out.; Server 127.0.0.1 UDP port 53
> anwered The DNS operation timed out.; Server 127.0.0.1 UDP port 53 anwered
> The DNS operation timed out.; Server 127.0.0.1 UDP port 53 anwered The DNS
> operation timed out.; Server 127.0.0.1 UDP port 53 anwered SERVFAIL.
> 
> 
> This is the first time I am seeing this error.

This indicates a problem with DNS resolution from the FreeIPA server.

I would recommend that you run the following commands and inspect the named logs:

$ dig kwttestdc.com.kw SOA
$ journalctl -u named-pkcs11

Also, please see below.


> On Sun, May 1, 2016 at 3:30 PM, Ben .T.George <bentech4you at gmail.com> wrote:
> 
>> Hi List,
>>
>> I don't know how to explain this issue. I was trying IPA 4.3.1.
>>
>> While adding DNS, I am getting the error below:
>>
>> [root at global tmp]# ipa dnsforwardzone-add kwttestdc.com.kw
>> --forwarder=192.168.37.131 --forward-policy=only
>> Server will check DNS forwarder(s).
>> This may take some time, please wait ...
>> ipa: ERROR: DNS zone kwttestdc.com.kw. already exists in DNS and is
>> handled by server(s): corp.kwttestdc.com.kw.

IPA detected that you are trying to use a forward zone to override the content
of zone kwttestdc.com.kw, which is already resolvable. This is almost always a
bad idea.

Why are you adding a forward zone even though the zone can be resolved directly
from the FreeIPA server?

What is the use-case?

Petr^2 Spacek

>>
>>
>> And in my resolv.conf, I have the following:
>>
>> nameserver 127.0.0.1
>>
>> Someone please explain what the issue is and how to fix this one.
>>
>> Regards,
>> Ben



