[Freeipa-users] DNSSEC warning when DNSSEC should be disabled
Dan Dietterich
dan at cazena.com
Thu Apr 13 20:50:33 UTC 2017
I am seeing inconsistent results configuring a DNS forward zone.
At a bash prompt, as root, after kinit admin, I do:
ipa dnsforwardzone-add domain.internal --forwarder= ww.xx.yy.zz --forward-policy=only
That works fine and does not warn about DNSSEC.
In a Java webapp running as root under a Jetty, I run a shell sub-process and issue the kinit and the same ipa statement.
_Sometimes_, I get
ipa: WARNING: DNSSEC validation failed: record 'domain.internal. SOA' failed DNSSEC validation on server ww.xx.yy.zz.
Please verify your DNSSEC configuration or disable DNSSEC validation on all IPA servers.
I modified the /etc/named.conf file to say:
dnssec-enable no;
dnssec-validation no;
and systemctl restart ipa
Any clue why the results are different?
ipa –version: VERSION: 4.4.0, API_VERSION: 2.213
Linux … 3.10.0-514.10.2.el7.x86_64 #1 SMP Fri Mar 3 00:04:05 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
Thanks for any insight!
Regards,
Dan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170413/8702404d/attachment.htm>
More information about the Freeipa-users
mailing list