<div dir="ltr">I'm using freeipa 3.3.3 on Oracle Linux 7.<div>I have bind-dyndb-ldap-3.5-4.el7.x86_64 installed. </div><div><div><br></div><div>ipactl status:</div><div>Directory Service: RUNNING</div><div>krb5kdc Service: RUNNING</div><div>kadmin Service: RUNNING</div><div>named Service: RUNNING</div><div>ipa_memcached Service: RUNNING</div><div>httpd Service: RUNNING</div><div>pki-tomcatd Service: RUNNING</div><div>smb Service: RUNNING</div><div>winbind Service: RUNNING</div><div>ipa-otpd Service: RUNNING</div><div>ipa: INFO: The ipactl command was successful</div><div><br></div><div><br></div><div>systemctl status named:<br></div><div><div>Dec 02 11:08:50 <a href="http://freeipa-poc01.bo3.e-bozo.com">freeipa-poc01.bo3.e-bozo.com</a> named[27495]: zone <a href="http://bo3.e-bozo.com/IN">bo3.e-bozo.com/IN</a>: loaded serial 1417535679</div><div>Dec 02 11:08:50 <a href="http://freeipa-poc01.bo3.e-bozo.com">freeipa-poc01.bo3.e-bozo.com</a> named[27495]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0</div><div>Dec 02 11:08:50 <a href="http://freeipa-poc01.bo3.e-bozo.com">freeipa-poc01.bo3.e-bozo.com</a> named[27495]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0</div><div>Dec 02 11:08:50 <a href="http://freeipa-poc01.bo3.e-bozo.com">freeipa-poc01.bo3.e-bozo.com</a> named[27495]: zone localhost/IN: loaded serial 0</div><div>Dec 02 11:08:50 <a href="http://freeipa-poc01.bo3.e-bozo.com">freeipa-poc01.bo3.e-bozo.com</a> named[27495]: zone localhost.localdomain/IN: loaded serial 0</div><div>Dec 02 11:08:50 <a href="http://freeipa-poc01.bo3.e-bozo.com">freeipa-poc01.bo3.e-bozo.com</a> named[27495]: all zones loaded</div><div>Dec 02 11:08:50 <a href="http://freeipa-poc01.bo3.e-bozo.com">freeipa-poc01.bo3.e-bozo.com</a> named[27495]: running</div><div>Dec 02 11:08:50 <a href="http://freeipa-poc01.bo3.e-bozo.com">freeipa-poc01.bo3.e-bozo.com</a> systemd[1]: Started Berkeley Internet Name Domain (DNS).</div><div>Dec 02 
11:08:50 <a href="http://freeipa-poc01.bo3.e-bozo.com">freeipa-poc01.bo3.e-bozo.com</a> named[27495]: zone 4.100.10.in-addr.arpa/IN: loaded serial 1417535679</div><div>Dec 02 11:08:50 <a href="http://freeipa-poc01.bo3.e-bozo.com">freeipa-poc01.bo3.e-bozo.com</a> named[27495]: zone <a href="http://e-bozo.com/IN">e-bozo.com/IN</a>: loaded serial 1417535679</div></div><div><br></div><div><br></div><div><br></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Dec 2, 2014 at 11:36 AM, Martin Basti <span dir="ltr"><<a href="mailto:mbasti@redhat.com" target="_blank">mbasti@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  <div bgcolor="#FFFFFF" text="#000000"><div><div class="h5">
    <div>On 02/12/14 17:28, Matthew Herzog
      wrote:<br>
    </div>
    <blockquote type="cite">
      <div dir="ltr">I just realized that my IPA servers cannot resolve
        ANY servers in my domain. What do I need to do to fix this?
        Below is my named.conf. 
        <div><br>
        </div>
        <div><br>
          <div>
            <div>options {</div>
            <div>        // turns on IPv6 for port 53, IPv4 is on by
              default for all ifaces</div>
            <div>        listen-on-v6 {any;};</div>
            <div><br>
            </div>
            <div>        // Put files that named is allowed to write in
              the data/ directory:</div>
            <div>        directory "/var/named"; // the default</div>
            <div>        dump-file               "data/cache_dump.db";</div>
            <div>        statistics-file         "data/named_stats.txt";</div>
            <div>        memstatistics-file    
               "data/named_mem_stats.txt";</div>
            <div><br>
            </div>
            <div>        forward first;</div>
            <div>        forwarders {</div>
            <div>                10.100.8.41;</div>
            <div>                10.100.8.40;</div>
            <div>                10.100.4.13;</div>
            <div>                10.100.4.14;</div>
            <div>                10.100.4.19;</div>
            <div>                10.100.4.44;</div>
            <div>        };</div>
            <div><br>
            </div>
            <div>        // Any host is permitted to issue recursive
              queries</div>
            <div>        allow-recursion { any; };</div>
            <div><br>
            </div>
            <div>        tkey-gssapi-keytab "/etc/named.keytab";</div>
            <div>        pid-file "/run/named/named.pid";</div>
            <div>};</div>
            <div><br>
            </div>
            <div>/* If you want to enable debugging, eg. using the 'rndc
              trace' command,</div>
            <div> * By default, SELinux policy does not allow named to
              modify the /var/named directory,</div>
            <div> * so put the default debug log file in data/ :</div>
            <div> */</div>
            <div>logging {</div>
            <div>        channel default_debug {</div>
            <div>                file "data/named.run";</div>
            <div>                severity dynamic;</div>
            <div>                print-time yes;</div>
            <div>        };</div>
            <div>
              <div>};</div>
              <div><br>
              </div>
              <div>zone "." IN {</div>
              <div>        type hint;</div>
              <div>        file "<a href="http://named.ca" target="_blank">named.ca</a>";</div>
              <div>};</div>
              <div><br>
              </div>
              <div>include "/etc/named.rfc1912.zones";</div>
              <div><br>
              </div>
              <div>dynamic-db "ipa" {</div>
              <div>        library "ldap.so";</div>
              <div>        arg "uri
                ldapi://%2fvar%2frun%2fslapd-BO3-E-BOZO-COM.socket";</div>
              <div>        arg "base cn=dns, dc=bo3,dc=e-bozo,dc=com";</div>
              <div>        arg "fake_mname <a href="http://freeipa-poc01.bo3.e-bozo.com" target="_blank">freeipa-poc01.bo3.e-bozo.com</a>.";</div>
              <div>        arg "auth_method sasl";</div>
              <div>        arg "sasl_mech GSSAPI";</div>
              <div>        arg "sasl_user DNS/<a href="http://freeipa-poc01.bo3.e-bozo.com" target="_blank">freeipa-poc01.bo3.e-bozo.com</a>";</div>
              <div>        arg "serial_autoincrement yes";</div>
              <div>};</div>
            </div>
            <div><br>
            </div>
            <div><br>
            </div>
            <div><br>
              <div><br>
              </div>
            </div>
          </div>
        </div>
      </div>
    </blockquote></div></div>
    Hello,<br>
    <br>
    Which version of IPA do you use? Which platform? Which version of
    bind-dyndb-ldap?<br>
    <br>
    Can you run these commands and check if there are any errors?<br>
    ipactl status<br>
    systemctl status named (or journalctl -u named)<span class="HOEnZb"><font color="#888888"><br>
    <br>
    <pre cols="72">-- 
Martin Basti</pre>
  </font></span></div>

</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr">If life gives you melons, you may be dyslexic.
                                                                                                        </div></div>
</div>
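<p>The checks Martin asks for (ipactl status, systemctl status named or journalctl -u named) and the named.conf Matthew posted lend themselves to a small audit script. The following is an added example, not code from this thread or from FreeIPA: a POSIX sh script that reports the global forward policy and forwarder count of a named.conf, flags allow-recursion { any; } as an open recursive resolver, confirms from the named journal that the IPA zone was loaded (bind-dyndb-ldap logs LDAP-backed zones with the same "loaded serial" line as file-backed ones), and counts journal lines that look like failures. The function names and both sample inputs are my own, constructed from the values quoted above.</p>

```shell
#!/bin/sh
# Added example, not code from the FreeIPA mailing-list thread or the project.
# Audits a named.conf fragment and a journalctl -u named excerpt. Both samples
# below are constructed from values quoted in the thread; function names are
# my own.

NAMED_CONF_SAMPLE='options {
        listen-on-v6 {any;};
        directory "/var/named";
        forward first;
        forwarders {
                10.100.8.41;
                10.100.8.40;
        };
        allow-recursion { any; };
        tkey-gssapi-keytab "/etc/named.keytab";
};
dynamic-db "ipa" {
        library "ldap.so";
        arg "base cn=dns, dc=bo3,dc=e-bozo,dc=com";
};'

NAMED_JOURNAL_SAMPLE='Dec 02 11:08:50 freeipa-poc01.bo3.e-bozo.com named[27495]: zone bo3.e-bozo.com/IN: loaded serial 1417535679
Dec 02 11:08:50 freeipa-poc01.bo3.e-bozo.com named[27495]: zone 4.100.10.in-addr.arpa/IN: loaded serial 1417535679
Dec 02 11:08:50 freeipa-poc01.bo3.e-bozo.com named[27495]: all zones loaded
Dec 02 11:08:50 freeipa-poc01.bo3.e-bozo.com named[27495]: running'

# forward_policy CONF: prints "first", "only" or "none" for the global
# "forward" directive. "first" tries the forwarders before named recurses
# on its own; "only" never falls back to its own recursion.
forward_policy() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*forward[ \t]+(first|only)[ \t]*;/ { print $2; found = 1; exit }
        END { if (!found) print "none" }' | tr -d ';'
}

# forwarder_count CONF: number of addresses listed inside forwarders { }.
forwarder_count() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*forwarders[ \t]*[{]/ { inblock = 1; next }
        inblock && /^[ \t]*[}]/     { inblock = 0 }
        inblock && /^[ \t]*[0-9a-fA-F.:]+[ \t]*;/ { n++ }
        END { print n + 0 }'
}

# recursion_policy CONF: "open" for allow-recursion { any; } (the setting in
# the quoted named.conf), "restricted" when some other ACL is given,
# "default" when the directive is absent. An open recursive resolver that
# is reachable from untrusted networks can be abused for DNS amplification.
recursion_policy() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*allow-recursion[ \t]*[{][ \t]*any[ \t]*;[ \t]*[}]/ { print "open"; found = 1; exit }
        /^[ \t]*allow-recursion/ { print "restricted"; found = 1; exit }
        END { if (!found) print "default" }'
}

# zone_loaded JOURNAL ZONE: succeeds when named reported loading ZONE.
zone_loaded() {
    printf '%s\n' "$1" | grep -qF "zone $2/IN: loaded serial"
}

# journal_error_count JOURNAL: number of failure-looking lines.
journal_error_count() {
    printf '%s\n' "$1" | grep -ciE 'error|fail|could not|unable' || true
}

# audit_named CONF JOURNAL ZONE: one verdict line per check; returns 0 only
# when ZONE loaded and the journal has no failure lines.
audit_named() {
    conf=$1; journal=$2; zone=$3; rc=0
    echo "forward policy: $(forward_policy "$conf") ($(forwarder_count "$conf") forwarders)"
    echo "recursion:      $(recursion_policy "$conf")"
    if zone_loaded "$journal" "$zone"; then
        echo "zone $zone: loaded"
    else
        echo "zone $zone: NOT loaded"; rc=1
    fi
    errs=$(journal_error_count "$journal")
    echo "journal errors: $errs"
    [ "$errs" -eq 0 ] || rc=1
    return $rc
}

audit_named "$NAMED_CONF_SAMPLE" "$NAMED_JOURNAL_SAMPLE" bo3.e-bozo.com
```

<p>Against a live server, feed it real data instead of the samples, e.g. <code>audit_named "$(cat /etc/named.conf)" "$(journalctl -u named --no-pager)" bo3.e-bozo.com</code>. A non-zero exit means the zone never loaded or the journal carries failure lines, which is the situation Martin's checklist is meant to surface; an "open" recursion verdict on a server that listens on every interface is worth tightening to the local networks independently of the resolution problem.</p>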