Hi again,

concerning the strange results which I blamed on multiple A-records, I found something new. I started to doubt our powerdns setup and modifying it in ldap got annoying, so I switched to bind instead[1]. After that, asking for DNS lookups changed.

PowerDNS:

  r...@tjener:~# host 10.0.2.2
  2.2.0.10.in-addr.arpa domain name pointer tjener.intern.
  2.2.0.10.in-addr.arpa domain name pointer kerberos.intern.
  2.2.0.10.in-addr.arpa domain name pointer ldap.intern.
  2.2.0.10.in-addr.arpa domain name pointer domain.intern.
  2.2.0.10.in-addr.arpa domain name pointer postoffice.intern.
  2.2.0.10.in-addr.arpa domain name pointer syslog.intern.

With bind:

  r...@workstation01:~# host 10.0.2.2
  2.2.0.10.in-addr.arpa domain name pointer tjener.intern.
  r...@workstation01:~# host ldap
  ldap.intern has address 10.0.2.2
  r...@workstation01:~# host www
  www.intern is an alias for tjener.intern.
  tjener.intern has address 10.0.2.2

As you see, ldap is an A-record as before (I double checked in /etc/bind/db.intern), however host 10.0.2.2 is resolved to only tjener.

So I conclude that the current DNS setup, as a mixture of ldap objects prepared for bind with extra attributes to make powerDNS (sort of) work, is broken. In addition, there is absolutely no use of GOsa with regard to DNS, as modifications are not accepted by GOsa with the added powerDNS attributes.

With such a system, it's extremely hard to stay motivated, because you waste your time fixing things that are "known not to work properly" instead of really being able to test new things.

I propose three choices:

1) We move powerDNS to its own tree (as before) and switch off the "systems"-stuff in GOsa. This means we don't have a GUI to make changes, but hopefully a working DNS again that doesn't block all other activities.

2) We drop powerDNS and give bind a try. This means merely installing bind instead of powerDNS, appending a line to a configuration file and touching another one [1]. Regarding the simplicity, it could also be considered as an intermediate solution until we have something else.

3) Someone has time and volunteers to cooperate with Alejandro (<URL:http://lists.debian.org/debian-edu/2010/12/msg00117.html>) to implement powerDNS in GOsa properly.
This should happen soon, because the current broken system only leads to frustration.

So please comment on the issue. I think we should have other problems than wasting time getting adventurous powerDNS/bind combinations running, and the current situation is not acceptable.

Best regards,

Andi

[1] It's almost nothing that has to be done to use bind with the current setup:

  aptitude install bind9
  aptitude install ldap2zone
  # bind configuration:
  echo 'include "/etc/bind/named.conf.ldap2zone";' >> /etc/bind/named.conf.local
  touch /etc/bind/named.conf.ldap2zone
  ldap2bind
  # check if anything makes sense:
  less /etc/bind/db.intern
  less /etc/bind/db.2.0.10.in-addr.arpa.

If everything is fine, switch off pdns (in /etc/default):

--- a/default/pdns-recursor +++ b/default/pdns-recursor @@ -1,5 +1,5 @@ # Variables for PowerDNS recursor # # Set START to yes to start the pdns-recursor -START=yes +START=no --- a/default/pdns +++ b/default/pdns @@ -1,5 +1,5 @@ # Variables for PowerDNS # # Whether you want to start PowerDNS automatically. -START=yes +START=no

http://lists.debian.org/debian-edu/2010/10/msg00209.html
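Review bot: In the default/pdns-recursor hunk, START=no removes the recursor, but the bind steps in [1] only append the ldap2zone include to named.conf.local and do not mention recursion or forwarders. Before this is applied, confirm that bind answers the clients' queries for names outside the intern zone, or add the needed bind options to the instructions.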
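Review bot: In the default/pdns hunk, START only controls whether PowerDNS is started automatically (per the comment in the file), so a pdns or pdns-recursor instance that is already running stays up after the edit. The instructions should add explicit steps to stop both PowerDNS services and then restart bind9, so that the change takes effect without waiting for a reboot and the lookups are known to come from bind.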