Receiving huge list of entries is not a cheap operation, that's why
there is a default max limit set to 100/2000 entries. You have to count
with that. Maybe direct AXFR from DNS may be more suitable for you, to
get the complete list of DNS records per zone. But if you are fine with
speed, memory and CPU consumption on server side, there is no issue why
dnsrecord-find shouldn't be used.
Martin
On 13.12.2016 17:47, Mike Driscoll wrote:
Thanks Martin. That is the cause...
$ ldapsearch -D 'cn=directory manager' -W -b cn=config cn=config | grep
nsslapd-sizelimit
Enter LDAP Password:
nsslapd-sizelimit: 2000
This command results in a similar problem that only 100 of 270 record names
were returned.
$ ipa dnsrecord-find mydomain.com qa
If I specify these limits, I get all 270 records as expected.
$ ipa dnsrecord-find mydomain.com qa --sizelimit=10000 --timelimit=20
I have the impression this default size limit meets most needs. Is my approach
wrong when wanting to dump the entire DNS list of records via ipa
dnsrecord-find?
Mike
On Dec 13, 2016, at 08:17, Martin Basti <mba...@redhat.com> wrote:
Tomas already replied to you, copying here as archives are currently offline to
prevent spam
"""
Hi,
you seem to be hitting the size limit on LDAP side. To verify, check
ldapsearch -D 'cn=directory manager' -W -b cn=config cn=config | grep
nsslapd-sizelimit
If you really need to increase this size limit, you will have to modify the
nsslapd-sizelimit in cn=config.
"""
Martin
On 13.12.2016 17:06, Mike Driscoll wrote:
Any thoughts about this sizelimit bug?
Mike
On Nov 28, 2016, at 14:44, Mike Driscoll <mike.drisc...@oracle.com> wrote:
I'm running:
# rpm -qa | grep ipa-server
ipa-server-4.4.0-12.0.1.el7.x86_64
ipa-server-dns-4.4.0-12.0.1.el7.noarch
ipa-server-common-4.4.0-12.0.1.el7.noarch
Searching DNS for all hostnames containing "qa" times out in the GUI. Setting
aside the option to change server defaults, this cli command isn't giving me the content
I need:
# ipa dnsrecord-find mydomain.com --sizelimit=10000 --timelimit=20 | grep qa
ipa: WARNING: Search result has been truncated: Configured size limit exceeded
It seems like the sizelimit parameter greater than two thousand is being
ignored:
# ipa dnsrecord-find mydomain.com --sizelimit=1900 --timelimit=20
...
-------------------------------
Number of entries returned 1900
-------------------------------
# ipa dnsrecord-find mydomain.com --sizelimit=2100 --timelimit=20
...
-------------------------------
Number of entries returned 2000
-------------------------------
Any suggestions?
Mike
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
