Jonathan Kelley via FreeIPA-users wrote:
> Hi,
> 
> Running IPA-server 4.5.0-21
> 
> I lost 2/3 IPA servers from power failure, replication didn't recover. I
> want to drop the replicas and add new ones, but can't see a list of
> replicas. It's giving me SERVFAIL for google DNS which seems unlikely.
> 
> Anyone know of a trick forward to recovery?
> 
> [root@auth1 root]# ipa-replica-manage list
> 
> ipa: ERROR: DNS query for auth1.example.com <http://auth1.example.com>.
> A failed: All nameservers failed to answer the query auth1.example.com
> <http://auth1.example.com>. IN A: Server 8.8.8.8 UDP port 53 answered
> SERVFAIL
> 
> Re-run /sbin/ipa-replica-manage with --verbose option to get more
> information
> 
> Unexpected error: All nameservers failed to answer the query
> gvoauth1.gvoperations.com <http://gvoauth1.gvoperations.com>. IN A:
> Server 8.8.8.8 UDP port 53 answered SERVFAIL
> 
> 
> 
> The worst part: it seems like DNS works great and FreeIPA has hit a snag. =(
> 
> 
> # from freeipa
> 
> [root@auth1 iptables]# dig google.com <http://google.com> @8.8.8.8
> <http://8.8.8.8>
> 
> ;; ANSWER SECTION:
> 
> google.com <http://google.com>.299INA216.58.218.110
> 
> 
> 
> # from workstation to freeipa server
> 
> mac:~$ dig google.com <http://google.com> @auth1
> 
> 
> ; <<>> DiG 9.8.3-P1 <<>> google.com <http://google.com> @auth1
> 
> ;; global options: +cmd
> 
> ;; ANSWER SECTION:
> 
> google.com <http://google.com>.300INA216.58.218.110

Try passing --no-lookup to ipa-replica-manage to skip the lookup entirely.

rob
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to