Hello, On Tue, Nov 18, 2025 at 10:11 AM lejeczek via FreeIPA-users < [email protected]> wrote: > > HI guys. > > This is DNS related but I'd say - no lack of experienced users here. > My IPA's dns cannot, do not want to, resolve a specific few (perhaps many more, how knows) public domains. > Popular, well-known but also my IPS's dnses, do resolve these same domains, immediately, no problems. > So I gave those couple of dnses I've tired, as forwarders to IPA but, that does not help. > query_errors.log says: > ... query failed (timed out) ... > same as when there were no forwarders at all. > dig shows: > > ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 2088 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 > > as opposed to when pointed directly at a forwarder: > > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61791 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 > > All this is quite weird to me but hey ! ain't an expert. > What is (not)happening here ? any/all thoughts are much appreciated.]
You need to have a forwarder and a forward policy that is not "none", otherwise, IPA will only answer for its own zones. You can check the forward configuration with: # ipa dnsconfig-show (global configuration) # ipa dnsserver-find (dns per-server configuration) # ipa dnsforwardzone-find (per-zone configuration) If, for example, you use: # ipa dnsconfig-mod --forwarder 8.8.8.8 --forward-policy only You will set a global forwarder to Google's public nameserver. hth, Rafael > many thanks, L. > -- > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue -- Rafael Guterres Jeffman Senior Software Engineer FreeIPA - Red Hat
-- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
