I am noticing a very strange issue with FreeIPA. I installed FreeIPA on a fresh virtual machine called (idm.servers.lnx.ninja) and registered the Kerberos domain as LNX.NINJA. Everything installs just fine without any issues, and when I log into FreeIPA and go to the DNS Manager I see that it created a few zones as I would have expected (i.e., reverse zone for 10.10.10.x, lnx.ninja zone, and servers.lnx.ninja zone). What I notice is that if I try to do a DNS query for any record in the (lnx.ninja) zone it fails even though there are records there, and if I query any records inside the servers.lnx.ninja zone they work just fine. What I can't understand is why my DNS queries are dying on the (lnx.ninja) zone.
So for my test I created 2 (A) records, one inside (lnx.ninja) and one inside (servers.lnx.ninja). What would cause any DNS queries to lnx.ninja to not succeed? I have duplicated this issue multiple times with several other VMs using different domains and they have the same issue. Any advice is appreciated!

[root@idm ~]# dig @localhost blah.lnx.ninja

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.1 <<>> @localhost blah.lnx.ninja
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 50913
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;blah.lnx.ninja. IN A

;; Query time: 1 msec
;; SERVER: ::1#53(::1)
;; WHEN: Wed Jan 06 05:30:15 UTC 2016
;; MSG SIZE rcvd: 43

[root@idm ~]# dig @localhost blah.servers.lnx.ninja

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.1 <<>> @localhost blah.servers.lnx.ninja
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64481
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;blah.servers.lnx.ninja. IN A

;; ANSWER SECTION:
blah.servers.lnx.ninja. 86400 IN A 10.10.10.1

;; AUTHORITY SECTION:
servers.lnx.ninja. 86400 IN NS idm.servers.lnx.ninja.

;; ADDITIONAL SECTION:
idm.servers.lnx.ninja. 1200 IN A 10.10.10.10

;; Query time: 0 msec
;; SERVER: ::1#53(::1)
;; WHEN: Wed Jan 06 05:30:32 UTC 2016
;; MSG SIZE rcvd: 101

Thanks Much.
Devin
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project