Re: [Freeipa-users] DNS operation timed out when installing IPA with forwarders

Fri, 19 Feb 2016 06:13:46 -0800 


On 19.02.2016 14:57, Geselle Stijn wrote:

That seems to fail:

[root@ipa ~]# dig @192.168.1.1 . SOA

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.2 <<>> @192.168.1.1 . SOA ; (1 server 
found) ;; global options: +cmd ;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 44900 ;; flags: qr rd ra; 
QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;.                              IN      SOA

;; Query time: 11153 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Fri Feb 19 14:42:51 CET 2016
;; MSG SIZE  rcvd: 28


But if I add a new record (e.g. CNAME) to DNS in Windows Server and try to ping 
to that CNAME, I get resolved correctly.

-Stijn

Hello,


global forwarders, specified by --forwarder option during installation 
or added via ipa dnsconfig-mod, must be able to resolve root zone (your 
forwarder/server 192.168.1.1 is not able to return result for root zone).



You probably need to specify forwardzone, for the particular windows 
domain you use, instead of specify it as global forwarder.


ipa dnsforwardzone-add <your.windows.zone.> --forwarder 192.168.1.1

Martin


-----Original Message-----
From: freeipa-users-boun...@redhat.com 
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Petr Spacek
Sent: Friday 19 February 2016 13:59
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] DNS operation timed out when installing IPA with 
forwarders

On 19.2.2016 13:50, Geselle Stijn wrote:

Hello fellow FreeIPA users,

I'm trying to setup FreeIPA in a lab environment (VirtualBox):


-          ad.example.com (Windows Server 2008 R2) - 192.168.1.1

-          ipa.example.com (CentOS 7.2) - 192.168.1.2
Both machines can ping each other, DNS resolving works:

[root@ipa ~] nslookup ad
Server:         192.168.1.1
Address:     192.168.1.1#53

Name:     ad.example.com
Address: 192.168.1.1


I executed:

yum install -y "*ipa-server*" bind bind-dyndb-ldap ipa-server-install
--domain=example.com --realm=EXAMPLE.COM --setup-dns
--forwarder=192.168.1.1

But the installation wizard fails at:

Checking DNS forwarders, please wait ...
ipa            : ERROR   DNS server 192.168.1.1: query '. SOA': The DNS 
operation timed out after 10.00124242 seconds
ipa.ipapython.install.cli.install_tool(Server): ERROR     DNS server 
192.168.1.1: query '. SOA': The DNS operation timed out after 10.00124242 
seconds


Is there some way I can better troubleshoot this? Can I increase the DNS 
timeout (maybe it's simply slow via VirtualBox).

Please try command
$ dig @192.168.1.1 . SOA
and paste the output here.

Also, please run the installer again with option --debug.

I will have a look.

Thank you.

--
Petr^2 Spacek

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project



--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project






















					Reply via email to