[Freeipa-users] FreeIPA + /etc/named.conf
TomK
tk at mdevsys.com
Thu Jan 5 19:03:25 UTC 2017
Hey All,
QQ.
Should the DNS forwarders be updated in /etc/named.conf? Until I
manually change /etc/named.conf, I can't ping the Windows AD cluster:
mds.xyz. Nor can I get dig to resolve the SRV records (dig SRV
_ldap._tcp.mds.xyz).
sssd-ipa-1.14.0-43.el7_3.4.x86_64
ipa-client-4.4.0-14.el7.centos.x86_64
The IPA command below indicates that it's set to 'first', but that's not
what's in the /etc/named.conf file when I check. Again, it works if I
change /etc/named.conf manually.
--
Cheers,
Tom K.
-------------------------------------------------------------------------------------
Living on earth is expensive, but it includes a free trip around the sun.
[root at idmipa02 network-scripts]# ipa dnsforwardzone-find mds.xyz
Zone name: mds.xyz.
Active zone: TRUE
Zone forwarders: 192.168.0.224
Forward policy: first
----------------------------
Number of entries returned 1
----------------------------
[root at idmipa02 network-scripts]# grep -i forward /etc/named.conf
forward only;
forwarders {
[root at idmipa02 network-scripts]# vi /etc/named.conf
[root at idmipa02 network-scripts]#
[root at idmipa02 network-scripts]#
[root at idmipa02 network-scripts]# ipactl restart
Stopping pki-tomcatd Service
Restarting Directory Service
Restarting krb5kdc Service
Restarting kadmin Service
Restarting named Service
Restarting ipa_memcached Service
Restarting httpd Service
Restarting ipa-custodia Service
Restarting ntpd Service
Restarting pki-tomcatd Service
Restarting smb Service
Restarting winbind Service
Restarting ipa-otpd Service
Restarting ipa-dnskeysyncd Service
ipa: INFO: The ipactl command was successful
[root at idmipa02 network-scripts]#
[root at idmipa02 network-scripts]#
[root at idmipa02 network-scripts]#
[root at idmipa02 network-scripts]# ping mds.xyz
PING mds.xyz (192.168.0.224) 56(84) bytes of data.
64 bytes from 192.168.0.224: icmp_seq=1 ttl=128 time=0.515 ms
64 bytes from 192.168.0.224: icmp_seq=2 ttl=128 time=0.447 ms
^C
--- mds.xyz ping statistics ---
2 packets transmitted, 2 received, +2 duplicates, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.447/83.695/333.339/144.132 ms
[root at idmipa02 network-scripts]# grep -i forward /etc/named.conf
forward first;
forwarders {
[root at idmipa02 network-scripts]# dig SRV _ldap._tcp.mds.xyz
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.4 <<>> SRV _ldap._tcp.mds.xyz
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5407
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 6
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;_ldap._tcp.mds.xyz. IN SRV
;; ANSWER SECTION:
_ldap._tcp.mds.xyz. 600 IN SRV 0 100 389 winad01.mds.xyz.
_ldap._tcp.mds.xyz. 600 IN SRV 0 100 389 winad02.mds.xyz.
;; AUTHORITY SECTION:
xyz. 10876 IN NS generationxyz.nic.xyz.
xyz. 10876 IN NS z.nic.xyz.
xyz. 10876 IN NS y.nic.xyz.
xyz. 10876 IN NS x.nic.xyz.
;; ADDITIONAL SECTION:
winad02.mds.xyz. 497 IN A 192.168.0.221
winad02.mds.xyz. 497 IN A 192.168.0.223
winad01.mds.xyz. 2902 IN A 192.168.0.224
winad01.mds.xyz. 2902 IN A 192.168.0.220
winad01.mds.xyz. 2902 IN A 192.168.0.222
;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jan 05 13:55:51 EST 2017
;; MSG SIZE rcvd: 277
[root at idmipa02 network-scripts]#