On 9/6/20 5:48 PM, Peter Larsen via FreeIPA-users wrote:
I have two FreeIPA servers; both are working as DNS servers for the
network. Each IPA server is in the DNS server list, so they serve as
"backup" for one another. I had one of the server's named-pkcs11 fail
last night and somehow the second server failed resolving as it could
not reach the first one.

The zone they're hitting has forwarding disabled. I could get internal
addresses resolved but when it came to external, the server that was
running would not forward out of the network - only to the server that
no longer was open.

I'm struggling to see what would cause this dependency. Since the zone
definition is the same on both systems, what causes this dependency? Is
there a setting I need to look at that's not in the LDAP DB? Each IPA
server has a resolve that lists localhost (themselves) and the IP address
of the other IPA server. So I understand if there's an attempt to reach
the other, but if the first IPA server can do a global forward, why
can't the other?

I use "forwarding disabled" because it turned out when there was no
external access the "forward first" would fail and hence I would have no
DNS just because my ISP decided not to reply - even the internal DNS
would fail this way. Forwarding disabled seems to work - and it's my
expectation that it simply looks up the NS record directly when it
doesn't have a zone that matches. So why does one of the IPA servers not
seem to be able to do this?

Hi,

not sure if it addresses your issue, but the forwarders can be defined at various levels:

# ipa dnsconfig-show
will display if a global forwarder is set

# ipa dnsserver-show <server_fqdn>
will display if a per-server forwarder is set

# ipa dnszone-show <zone>
will display if a per-zone forwarder is set

What is your exact configuration and for which zone does the resolution fail?

flo