Re: [Freeipa-users] DNS reverse zone is not managed by this server

Thu, 22 Dec 2016 01:53:43 -0800 


On 22.12.2016 09:37, Maciej Drobniuch wrote:

Hi Martin

Thank you for reply.


1. The dig is returning proper PTR record. I've added it manually to 
the zone and it's working.



I was asking for SOA and zone name, IMO there is nothing secret about 
reverse zone name from private address space


what returns this command on server?

python -c 'import netaddr; from dns import resolver; ip = 
netaddr.IPAddress("10.0.0.165"); revn = ip.reverse_dns; print revn; 
print resolver.zone_for_name(revn)'




2. The problem exists while adding host entries or A records with 
"create reverse" option.

That's why I asked to run dig, the code uses DNS system to determine zone.


3. If I'll bind a host with ipa-client-install the PTR record gets 
created in the reverse zone and it works

Ok


4. The resolv.conf file has only the IPA server IP addres/localhost added.


Have you changed it recently?

Martin



Cheers!
M.


On Wed, Dec 21, 2016 at 5:43 PM, Martin Basti <mba...@redhat.com 
<mailto:mba...@redhat.com>> wrote:


    Hello all :)


    On 20.12.2016 01:33, Maciej Drobniuch wrote:

    Hi All!

    I get the following message while adding a new hostname.

    "The host was added but the DNS update failed with: DNS reverse
    zone in-addr.arpa. for IP address 10.0.0.165 is not managed by
    this server"


    IPA failed to get correct reverse zone, can you try dig -x
    10.0.0.165 what will be in SOA answer?

    What is the name of reverse zone you have on IPA DNS server?


    Martin



    The reverse zone is configured and working.
    When I am manually adding the PTR record to the reverse zone - all OK

    While adding a new host,  the A record is being created but the
    PTR fails with the message above.

    Reinstalling centos+IPA worked once but I had to reinstall again
    because of problems with kerberos(probably dependencies).

    Not sure what is the root cause of the issue.

    VERSION: 4.4.0, API_VERSION: 2.213

    CENTOS7 Linux freeipa1 3.10.0-229.el7.x86_64 #1 SMP Fri Mar 6
    11:36:42 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

    Any help appreciated!

    -- 
    Best regards


    Maciej Drobniuch
    Network Security Engineer
    Collective-sense LLC







--
Best regards

Maciej Drobniuch
Network Security Engineer
Collective-sense LLC



-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project





















					Reply via email to