Reverse DNS lookup stopped working after I broke some replication agreements (perhaps unrelated, but worth mentioning). Regular A records resolve fine. The records can be seen in LDAP (using ldapsearch with GSSAPI after kinit -t /etc/named.keytab):

The zone:

# 0.63.10.in-addr.arpa., dns, ipa.example.net
dn: idnsname=0.63.10.in-addr.arpa.,cn=dns,dc=ipa,dc=example,dc=net
idnsUpdatePolicy: grant IPA.example.NET krb5-self * PTR; grant IPA.example.NET krb5-self * SSHFP;
idnsAllowDynUpdate: TRUE
idnsForwarders: 172.23.1.5
idnsAllowSyncPTR: TRUE
idnsSOAserial: 1439302482
idnsSOArName: hostmaster.ipa.example.net.
idnsZoneActive: TRUE
idnsSOAexpire: 1209600
nSRecord: ldap1.example.lan.
idnsSOAminimum: 3600
objectClass: idnszone
objectClass: top
objectClass: idnsrecord
idnsAllowTransfer: none;
idnsSOAretry: 900
idnsSOArefresh: 3600
idnsAllowQuery: any;
idnsName: 0.63.10.in-addr.arpa.
idnsSOAmName: ldap1.example.lan.

The entry:

# 68, 0.63.10.in-addr.arpa., dns, ipa.example.net
dn: idnsname=68,idnsname=0.63.10.in-addr.arpa.,cn=dns,dc=ipa,dc=example,dc=net
objectClass: top
objectClass: idnsrecord
cNAMERecord: ds02.example.lan.
idnsName: 68

But the reverse DNS lookup fails anyway:

[root@ldap1 ~]# dig -x 10.63.0.68

; <<>> DiG 9.9.6-P1-RedHat-9.9.6-8.P1.fc21 <<>> -x 10.63.0.68
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 59911
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;68.0.63.10.in-addr.arpa. IN PTR

;; AUTHORITY SECTION:
10.in-addr.arpa. 86400 IN SOA 10.in-addr.arpa. . 0 28800 7200 604800 86400

;; Query time: 4 msec
;; SERVER: 172.23.1.5#53(172.23.1.5)
;; WHEN: Tue Aug 11 14:40:08 UTC 2015
;; MSG SIZE rcvd: 87

[root@ldap1 ~]#

Any thoughts?

--
Regards,
Nikola Kržalić.