<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 02/12/14 17:28, Matthew Herzog
wrote:<br>
</div>
<blockquote
cite="mid:CABhyZ34TCzUz+fNUSCvdZ38MS7rsLMMdb_jTdfKUsmYs86fn_Q@mail.gmail.com"
type="cite">
<div dir="ltr">I just realized that my IPA servers cannot resolve
ANY servers in my domain. What do I need to do to fix this?
Below is my named.conf.
<div><br>
</div>
<div><br>
<div>
<div>options {</div>
<div> // turns on IPv6 for port 53, IPv4 is on by
default for all ifaces</div>
<div> listen-on-v6 {any;};</div>
<div><br>
</div>
<div> // Put files that named is allowed to write in
the data/ directory:</div>
<div> directory "/var/named"; // the default</div>
<div> dump-file "data/cache_dump.db";</div>
<div> statistics-file "data/named_stats.txt";</div>
<div> memstatistics-file
"data/named_mem_stats.txt";</div>
<div><br>
</div>
<div> forward first;</div>
<div> forwarders {</div>
<div> 10.100.8.41;</div>
<div> 10.100.8.40;</div>
<div> 10.100.4.13;</div>
<div> 10.100.4.14;</div>
<div> 10.100.4.19;</div>
<div> 10.100.4.44;</div>
<div> };</div>
<div><br>
</div>
<div> // Any host is permitted to issue recursive
queries</div>
<div> allow-recursion { any; };</div>
<div><br>
</div>
<div> tkey-gssapi-keytab "/etc/named.keytab";</div>
<div> pid-file "/run/named/named.pid";</div>
<div>};</div>
<div><br>
</div>
<div>/* If you want to enable debugging, eg. using the 'rndc
trace' command,</div>
<div> * By default, SELinux policy does not allow named to
modify the /var/named directory,</div>
<div> * so put the default debug log file in data/ :</div>
<div> */</div>
<div>logging {</div>
<div> channel default_debug {</div>
<div> file "data/named.run";</div>
<div> severity dynamic;</div>
<div> print-time yes;</div>
<div> };</div>
<div>
<div> };</div>
<div>};</div>
<div><br>
</div>
<div>zone "." IN {</div>
<div> type hint;</div>
<div> file "named.ca";</div>
<div>};</div>
<div><br>
</div>
<div>include "/etc/named.rfc1912.zones";</div>
<div><br>
</div>
<div>dynamic-db "ipa" {</div>
<div> library "ldap.so";</div>
<div> arg "uri
ldapi://%2fvar%2frun%2fslapd-BO3-E-BOZO-COM.socket";</div>
<div> arg "base cn=dns, dc=bo3,dc=e-bozo,dc=com";</div>
<div> arg "fake_mname freeipa-poc01.bo3.e-bozo.com.";</div>
<div> arg "auth_method sasl";</div>
<div> arg "sasl_mech GSSAPI";</div>
<div> arg "sasl_user DNS/freeipa-poc01.bo3.e-bozo.com";</div>
<div> arg "serial_autoincrement yes";</div>
<div>};</div>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
<div><br>
</div>
</div>
</div>
</div>
</div>
</blockquote>
Hello,<br>
<br>
Which version of IPA do you use? Which platform? Which version of
bind-dyndb-ldap?<br>
<br>
Can you run these commands and check if there are any errors?<br>
ipactl status<br>
systemctl status named (respectively journalctl -u named)<br>
<br>
<pre class="moz-signature" cols="72">--
Martin Basti</pre>
</body>
</html>