hi, a bit late, but you should check the forwarding logs (maybe enable them, bit unsure if it is enabled per default on named).
Without any proof, my gut feeling is on dnssec :-), I have had to turn it off a few times. Regards, Natxo Asenjo On Tue, Jan 30, 2024 at 5:11 PM David Harvey via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Just checking if there are any suggestions as to how to debug this > effectively. The lack of smoking barrel log entries we've seen with it have > left us a little stumped! > Thanks as always, > David > > On Wed, 17 Jan 2024 at 10:54, Tania Hagan via FreeIPA-users < > freeipa-users@lists.fedorahosted.org> wrote: > >> Hi Freeipa-users, >> >> We are currently running Freeipa version 4.9.11 on Rocky 8.8. >> >> We have noticed over the last few months that external name resolution >> e.g. google.com fails to resolve on multiple Freeipa replicas even >> though the service named-pkcs11 remains up and running and journalctl or >> logs aren’t showing up any obvious errors to why this might be happening. >> We temporarily fix this by restarting the service, but the problem comes >> back at random times. >> >> We currently have 39 DNS Zones >> >> Our DNS Global Configuration has a forward policy of forward only, though >> the individual zones are set to forward first. >> >> I’ve read a few articles that say maybe changing the forward policy might >> fix it, but nothing that mentions how to double check if changing the >> policy will fix it. >> >> Are there any useful troubleshooting checks I could run to either help >> explain why our service keeps failing at random intervals or confirm any >> changes would fix the issue without the risk of potential downtime of our >> DNS service? >> >> Many Thanks, >> Tania >> -- >> _______________________________________________ >> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org >> To unsubscribe send an email to >> freeipa-users-le...@lists.fedorahosted.org >> Fedora Code of Conduct: >> https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >> List Archives: >> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org >> Do not reply to spam, report it: >> https://pagure.io/fedora-infrastructure/new_issue >> > -- > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue > -- -- Groeten, natxo
-- _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue