I'm using freeipa 3.3.3 on Oracle Linux 7. I have bind-dyndb-ldap-3.5-4.el7.x86_64 installed.
ipactl status:

Directory Service: RUNNING
krb5kdc Service: RUNNING
kadmin Service: RUNNING
named Service: RUNNING
ipa_memcached Service: RUNNING
httpd Service: RUNNING
pki-tomcatd Service: RUNNING
smb Service: RUNNING
winbind Service: RUNNING
ipa-otpd Service: RUNNING
ipa: INFO: The ipactl command was successful

systemctl status named:

Dec 02 11:08:50 freeipa-poc01.bo3.e-bozo.com named[27495]: zone bo3.e-bozo.com/IN: loaded serial 1417535679
Dec 02 11:08:50 freeipa-poc01.bo3.e-bozo.com named[27495]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Dec 02 11:08:50 freeipa-poc01.bo3.e-bozo.com named[27495]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Dec 02 11:08:50 freeipa-poc01.bo3.e-bozo.com named[27495]: zone localhost/IN: loaded serial 0
Dec 02 11:08:50 freeipa-poc01.bo3.e-bozo.com named[27495]: zone localhost.localdomain/IN: loaded serial 0
Dec 02 11:08:50 freeipa-poc01.bo3.e-bozo.com named[27495]: all zones loaded
Dec 02 11:08:50 freeipa-poc01.bo3.e-bozo.com named[27495]: running
Dec 02 11:08:50 freeipa-poc01.bo3.e-bozo.com systemd[1]: Started Berkeley Internet Name Domain (DNS).
Dec 02 11:08:50 freeipa-poc01.bo3.e-bozo.com named[27495]: zone 4.100.10.in-addr.arpa/IN: loaded serial 1417535679
Dec 02 11:08:50 freeipa-poc01.bo3.e-bozo.com named[27495]: zone e-bozo.com/IN: loaded serial 1417535679

On Tue, Dec 2, 2014 at 11:36 AM, Martin Basti <mba...@redhat.com> wrote:

> On 02/12/14 17:28, Matthew Herzog wrote:
>
> I just realized that my IPA servers cannot resolve ANY servers in my
> domain. What do I need to do to fix this? Below is my named.conf.
>
> options {
>     // turns on IPv6 for port 53, IPv4 is on by default for all ifaces
>     listen-on-v6 {any;};
>
>     // Put files that named is allowed to write in the data/ directory:
>     directory "/var/named"; // the default
>     dump-file "data/cache_dump.db";
>     statistics-file "data/named_stats.txt";
>     memstatistics-file "data/named_mem_stats.txt";
>
>     forward first;
>     forwarders {
>         10.100.8.41;
>         10.100.8.40;
>         10.100.4.13;
>         10.100.4.14;
>         10.100.4.19;
>         10.100.4.44;
>     };
>
>     // Any host is permitted to issue recursive queries
>     allow-recursion { any; };
>
>     tkey-gssapi-keytab "/etc/named.keytab";
>     pid-file "/run/named/named.pid";
> };
>
> /* If you want to enable debugging, eg. using the 'rndc trace' command,
>  * By default, SELinux policy does not allow named to modify the /var/named directory,
>  * so put the default debug log file in data/ :
>  */
> logging {
>     channel default_debug {
>         file "data/named.run";
>         severity dynamic;
>         print-time yes;
>     };
> };
> };
>
> zone "." IN {
>     type hint;
>     file "named.ca";
> };
>
> include "/etc/named.rfc1912.zones";
>
> dynamic-db "ipa" {
>     library "ldap.so";
>     arg "uri ldapi://%2fvar%2frun%2fslapd-BO3-E-BOZO-COM.socket";
>     arg "base cn=dns, dc=bo3,dc=e-bozo,dc=com";
>     arg "fake_mname freeipa-poc01.bo3.e-bozo.com.";
>     arg "auth_method sasl";
>     arg "sasl_mech GSSAPI";
>     arg "sasl_user DNS/freeipa-poc01.bo3.e-bozo.com";
>     arg "serial_autoincrement yes";
> };
>
> Hello,
>
> which version ipa do you use? which platform? Which version
> bind-dyndb-ldap?
>
> Can you run these commands, and check if there are any errors?
> ipactl status
> systemctl status named (respectively journalctl -u named)
>
> --
> Martin Basti

--
If life gives you melons, you may be dyslexic.