<html> <head> <meta content="text/html; charset=windows-1252" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> <div class="moz-cite-prefix">On 02/12/14 17:28, Matthew Herzog wrote:<br> </div> <blockquote cite="mid:CABhyZ34TCzUz+fNUSCvdZ38MS7rsLMMdb_jTdfKUsmYs86fn_Q@mail.gmail.com" type="cite"> <div dir="ltr">I just realized that my IPA servers cannot resolve ANY servers in my domain. What do I need to do to fix this? Below is my named.conf. <div><br> </div> <div><br> <div> <div>options {</div> <div> // turns on IPv6 for port 53, IPv4 is on by default for all ifaces</div> <div> listen-on-v6 {any;};</div> <div><br> </div> <div> // Put files that named is allowed to write in the data/ directory:</div> <div> directory "/var/named"; // the default</div> <div> dump-file "data/cache_dump.db";</div> <div> statistics-file "data/named_stats.txt";</div> <div> memstatistics-file "data/named_mem_stats.txt";</div> <div><br> </div> <div> forward first;</div> <div> forwarders {</div> <div> 10.100.8.41;</div> <div> 10.100.8.40;</div> <div> 10.100.4.13;</div> <div> 10.100.4.14;</div> <div> 10.100.4.19;</div> <div> 10.100.4.44;</div> <div> };</div> <div><br> </div> <div> // Any host is permitted to issue recursive queries</div> <div> allow-recursion { any; };</div> <div><br> </div> <div> tkey-gssapi-keytab "/etc/named.keytab";</div> <div> pid-file "/run/named/named.pid";</div> <div>};</div> <div><br> </div> <div>/* If you want to enable debugging, eg. using the 'rndc trace' command,</div> <div> * By default, SELinux policy does not allow named to modify the /var/named directory,</div> <div> * so put the default debug log file in data/ :</div> <div> */</div> <div>logging {</div> <div> channel default_debug {</div> <div> file "data/named.run";</div> <div> severity dynamic;</div> <div> print-time yes;</div> <div> };</div> <div> <div> };</div> <div>};</div> <div><br> </div> <div>zone "." IN {</div> <div> type hint;</div> <div> file "<a moz-do-not-send="true" href="http://named.ca">named.ca</a>";</div> <div>};</div> <div><br> </div> <div>include "/etc/named.rfc1912.zones";</div> <div><br> </div> <div>dynamic-db "ipa" {</div> <div> library "ldap.so";</div> <div> arg "uri ldapi://%2fvar%2frun%2fslapd-BO3-E-BOZO-COM.socket";</div> <div> arg "base cn=dns, dc=bo3,dc=e-bozo,dc=com";</div> <div> arg "fake_mname <a moz-do-not-send="true" href="http://freeipa-poc01.bo3.e-bozo.com">freeipa-poc01.bo3.e-bozo.com</a>.";</div> <div> arg "auth_method sasl";</div> <div> arg "sasl_mech GSSAPI";</div> <div> arg "sasl_user DNS/<a moz-do-not-send="true" href="http://freeipa-poc01.bo3.e-bozo.com">freeipa-poc01.bo3.e-bozo.com</a>";</div> <div> arg "serial_autoincrement yes";</div> <div>};</div> </div> <div><br> </div> <div><br> </div> <div><br> <div><br> </div> </div> </div> </div> </div> </blockquote> Hello,<br> <br> which version ipa do you use? which platform? Which version bind-dyndb-ldap?<br> <br> Can you run these commands, and check if there any errors?<br> ipactl status<br> systemctl status named (respectively journalctl -u named)<br> <br> <pre class="moz-signature" cols="72">-- Martin Basti</pre> </body> </html>