On 6.1.2016 08:25, Petr Spacek wrote:
> On 6.1.2016 06:42, Devin wrote:
>> I am noticing a very strange issue with FreeIPA, I installed FreeIPA on a
>> fresh Virtual Machine called (idm.servers.lnx.ninja) and registered the
>> Kerberos domain as LNX.NINJA. Everything installs just fine without any
>> issues, and even when I log into FreeIPA and go to the DNS Manager I see
>> that it created a few zones as I would have expected (ie: Reverse zone for
>> 10.10.10.x, lnx.ninja zone, and servers.lnx.ninja zone). What I notice is
>> that if I try to do a DNS query for any record on the (lnx.ninja) zone it
>> fails even though there are records there, and if I query any records
>> inside the servers.lnx.ninja zone they work just fine. What I can't
>> understand is why are my DNS queries dying on the (lnx.ninja) zone.
>>
>> So for my test I created 2 (A) records one inside (lnx.ninja) and one
>> inside (servers.lnx.ninja). What would cause any DNS queries to lnx.ninja
>> to not succeed? I have duplicated this issue multiple times with several
>> other VMs using different domains and they have the same issue. Any
>> advice is appreciated!
>>
>> [root@idm ~]# dig @localhost blah.lnx.ninja
>>
>> ; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.1 <<>> @localhost blah.lnx.ninja
>> ; (2 servers found)
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 50913
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>>
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags:; udp: 4096
>> ;; QUESTION SECTION:
>> ;blah.lnx.ninja. IN A
>>
>> ;; Query time: 1 msec
>> ;; SERVER: ::1#53(::1)
>> ;; WHEN: Wed Jan 06 05:30:15 UTC 2016
>> ;; MSG SIZE rcvd: 43
>>
>> [root@idm ~]# dig @localhost blah.servers.lnx.ninja
>>
>> ; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.1 <<>> @localhost
>> blah.servers.lnx.ninja
>> ; (2 servers found)
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64481
>> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
>>
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags:; udp: 4096
>> ;; QUESTION SECTION:
>> ;blah.servers.lnx.ninja. IN A
>>
>> ;; ANSWER SECTION:
>> blah.servers.lnx.ninja. 86400 IN A 10.10.10.1
>>
>> ;; AUTHORITY SECTION:
>> servers.lnx.ninja. 86400 IN NS idm.servers.lnx.ninja.
>>
>> ;; ADDITIONAL SECTION:
>> idm.servers.lnx.ninja. 1200 IN A 10.10.10.10
>>
>> ;; Query time: 0 msec
>> ;; SERVER: ::1#53(::1)
>> ;; WHEN: Wed Jan 06 05:30:32 UTC 2016
>> ;; MSG SIZE rcvd: 101
>
>
> Hello,
>
> this is strange, but I do not have sufficient information right now.
>
> Please add following information:
> # list all configured DNS master zones
> $ ipa dnszone-find
>
> # list all DNS forward zones
> $ ipa dnsforwardzone-find
>
> # tell us exact RPM versions
> $ rpm -q bind bind-dyndb-ldap ipa-server

Ee, I forgot to ask for logs from named-pkcs11 service:

Please run
$ journalctl -u named-pkcs11
and look for messages related to the zone which has problems.

I'm sorry for the noise :-)

-- 
Petr^2 Spacek