On Tue, Apr 21, 2020 at 1:10 PM Tiemen Ruiten <t.rui...@tech-lab.io> wrote:
> Hello, > > On Tue, Apr 21, 2020 at 12:46 PM François Cami <fc...@redhat.com> wrote: > >> Hi, >> >> On Tue, Apr 21, 2020 at 12:19 PM Tiemen Ruiten via FreeIPA-users >> <freeipa-users@lists.fedorahosted.org> wrote: >> > >> > Hello, >> > >> > Since a few days ago, we're having issues with resolution of this >> hostname: >> > >> > download.wisselkoersenvoorjeadministratie.nl >> > >> > Our FreeIPA DNS servers return SERVFAIL for that particular hostname. >> What's funny, after I do a (successful) lookup directly at one of the >> configured forwarders, 1.1.1.1, resolution works, until the TTL expires. >> Other hostnames work fine. How can I troubleshoot this? >> >> Please have a look at the logs: >> https://www.freeipa.org/page/Troubleshooting/DNS#Getting_logs >> There should be some entry at the time you reproduce the issue. >> > > No lines related to named in /var/log/messages. > > I set debug logging with 'rndc trace' on the IPA nameserver that's being > queried and this shows up in named.run when I query the hostname: > > 21-Apr-2020 13:07:37.912 fetch: > download.wisselkoersenvoorjeadministratie.nl/A > 21-Apr-2020 13:07:37.939 client @0x7fcee8031200 10.100.120.47#36751 ( > download.wisselkoersenvoorjeadministratie.nl): query failed (SERVFAIL) > for download.wisselkoersenvoorjeadministratie.nl/IN/A at > ../../../bin/named-pkcs11/query.c:8580 > Added debug level 3, here's a failed lookup and a successful one (after lookup @1.1.1.1): [root@ipa-ams-02 ter]# tail -f /var/named/data/named.run | grep wisselkoersen 21-Apr-2020 13:16:21.397 client @0x7fcef1c8d350 10.100.120.47#35525 ( download.wisselkoersenvoorjeadministratie.nl): query (cache) ' download.wisselkoersenvoorjeadministratie.nl/A/IN' approved 21-Apr-2020 13:16:21.397 client @0x7fcef1c8d350 10.100.120.47#35525 ( download.wisselkoersenvoorjeadministratie.nl): replace 21-Apr-2020 13:16:21.398 fetch: download.wisselkoersenvoorjeadministratie.nl/A 21-Apr-2020 13:16:21.421 client @0x7fcef1c8d350 10.100.120.47#35525 ( download.wisselkoersenvoorjeadministratie.nl): query failed (SERVFAIL) for download.wisselkoersenvoorjeadministratie.nl/IN/A at ../../../bin/named-pkcs11/query.c:8580 21-Apr-2020 13:16:21.422 client @0x7fcef1c8d350 10.100.120.47#35525 ( download.wisselkoersenvoorjeadministratie.nl): error 21-Apr-2020 13:16:21.422 client @0x7fcef1c8d350 10.100.120.47#35525 ( download.wisselkoersenvoorjeadministratie.nl): send 21-Apr-2020 13:16:21.422 client @0x7fcef1c8d350 10.100.120.47#35525 ( download.wisselkoersenvoorjeadministratie.nl): sendto 21-Apr-2020 13:16:21.422 client @0x7fcef1c8d350 10.100.120.47#35525 ( download.wisselkoersenvoorjeadministratie.nl): senddone 21-Apr-2020 13:16:21.422 client @0x7fcef1c8d350 10.100.120.47#35525 ( download.wisselkoersenvoorjeadministratie.nl): next 21-Apr-2020 13:16:21.422 client @0x7fcef1c8d350 10.100.120.47#35525 ( download.wisselkoersenvoorjeadministratie.nl): endrequest 21-Apr-2020 13:16:21.422 fetch completed at ../../../lib/dns-pkcs11/resolver.c:3754 for download.wisselkoersenvoorjeadministratie.nl/A in 0.023506: SERVFAIL/success [domain:wisselkoersenvoorjeadministratie.nl ,referral:0,restart:2,qrysent:2,timeout:0,lame:0,quota:0,neterr:0,badresp:2,adberr:0,findfail:0,valfail:0] ^C [root@ipa-ams-02 ter]# tail -f /var/named/data/named.run | grep wisselkoersen 21-Apr-2020 13:17:15.389 client @0x7fcef000c580 10.100.120.47#40143 ( download.wisselkoersenvoorjeadministratie.nl): query (cache) ' download.wisselkoersenvoorjeadministratie.nl/A/IN' approved 21-Apr-2020 13:17:15.389 client @0x7fcef000c580 10.100.120.47#40143 ( download.wisselkoersenvoorjeadministratie.nl): replace 21-Apr-2020 13:17:15.389 fetch: download.wisselkoersenvoorjeadministratie.nl/A 21-Apr-2020 13:17:15.403 fctx 0x7fcee981b0d0( download.wisselkoersenvoorjeadministratie.nl/A): looking for relevant NSEC3 21-Apr-2020 13:17:15.403 fctx 0x7fcee981b0d0( download.wisselkoersenvoorjeadministratie.nl/A): NSEC3 proves name does not exist: 'download.wisselkoersenvoorjeadministratie.nl' 21-Apr-2020 13:17:15.403 fctx 0x7fcee981b0d0( download.wisselkoersenvoorjeadministratie.nl/A): NSEC3 indicates secure range 21-Apr-2020 13:17:15.403 client @0x7fcef000c580 10.100.120.47#40143 ( download.wisselkoersenvoorjeadministratie.nl): send 21-Apr-2020 13:17:15.403 client @0x7fcef000c580 10.100.120.47#40143 ( download.wisselkoersenvoorjeadministratie.nl): sendto 21-Apr-2020 13:17:15.403 client @0x7fcef000c580 10.100.120.47#40143 ( download.wisselkoersenvoorjeadministratie.nl): senddone 21-Apr-2020 13:17:15.403 client @0x7fcef000c580 10.100.120.47#40143 ( download.wisselkoersenvoorjeadministratie.nl): next 21-Apr-2020 13:17:15.403 client @0x7fcef000c580 10.100.120.47#40143 ( download.wisselkoersenvoorjeadministratie.nl): endrequest
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org