At random intervals the A record for one of the two IPA servers gets deleted.
Using integrated BIND. The named log looks like the following. Strange that it fails a sanity check but then goes ahead and does it anyway. "client 10.30.10.27" is the FreeIPA server itself.

13-Dec-2018 00:31:34.389 client 10.30.10.27#53265/key host/mdc-ipa-01.idm.planetrisk.com\@IDM.PLANETRISK.COM: updating zone 'idm.planetrisk.com/IN': deleting rrset at 'mdc-ipa-01.idm.planetrisk.com' A
13-Dec-2018 00:31:34.398 client 10.30.10.27#53265/key host/mdc-ipa-01.idm.planetrisk.com\@IDM.PLANETRISK.COM: updating zone 'idm.planetrisk.com/IN': update rejected: post update name server sanity check failed
13-Dec-2018 00:31:34.449 client 10.30.10.27#45570/key host/mdc-ipa-01.idm.planetrisk.com\@IDM.PLANETRISK.COM: updating zone 'idm.planetrisk.com/IN': deleting rrset at 'mdc-ipa-01.idm.planetrisk.com' AAAA
13-Dec-2018 00:31:34.449 zone 10.30.10.in-addr.arpa/IN: sending notifies (serial 1544679094)
13-Dec-2018 00:31:34.456 zone idm.planetrisk.com/IN: sending notifies (serial 1544679094)
13-Dec-2018 00:31:34.511 client 10.30.10.27#40273/key host/mdc-ipa-01.idm.planetrisk.com\@IDM.PLANETRISK.COM: updating zone 'idm.planetrisk.com/IN': deleting rrset at 'mdc-ipa-01.idm.planetrisk.com' A
13-Dec-2018 00:31:34.519 client 10.30.10.27#54534/key host/mdc-ipa-01.idm.planetrisk.com\@IDM.PLANETRISK.COM: updating zone 'idm.planetrisk.com/IN': deleting rrset at 'mdc-ipa-01.idm.planetrisk.com' AAAA
13-Dec-2018 00:32:00.754 client 10.60.2.120#40990 (112.2.60.10.in-addr.arpa): RFC 1918 response from Internet for 112.2.60.10.in-addr.arpa
13-Dec-2018 00:40:13.066 zone idm.planetrisk.com/IN: sending notifies (serial 1544679613)

This is a two node cluster. At one time in the past before I took it over there was a failed attempt to integrate with Active Directory. I'm pretty sure I have removed all of the Active Directory integration components. I do want to retain the ability to have client enrollment trigger a DNS update.

My guess is it's related to sssd:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/windows_integration_guide/sssd-dyndns

dyndns_update was enabled in the sssd config on the FreeIPA server. I simply removed the relevant lines in sssd.conf and restarted sssd but the problem keeps happening. Any ideas on where I should look to prevent this from continuing to happen?

CentOS Linux release 7.6.1810 (Core)

ipa-client.x86_64               4.6.4-10.el7.centos  @base
ipa-client-common.noarch        4.6.4-10.el7.centos  @base
ipa-common.noarch               4.6.4-10.el7.centos  @base
ipa-python-compat.noarch        4.6.4-10.el7.centos  @base
ipa-server.x86_64               4.6.4-10.el7.centos  @base
ipa-server-common.noarch        4.6.4-10.el7.centos  @base
ipa-server-dns.noarch           4.6.4-10.el7.centos  @base
ipa-server-trust-ad.x86_64      4.6.4-10.el7.centos  @base
libipa_hbac.x86_64              1.16.2-13.el7        @base
python-iniparse.noarch          0.4-9.el7            @anaconda
python-ipaddress.noarch         1.0.16-2.el7         @base
python-libipa_hbac.x86_64       1.16.2-13.el7        @base
python2-ipaclient.noarch        4.6.4-10.el7.centos  @base
python2-ipalib.noarch           4.6.4-10.el7.centos  @base
python2-ipaserver.noarch        4.6.4-10.el7.centos  @base
sssd-ipa.x86_64                 1.16.2-13.el7        @base
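
Added example, not part of the original message and not FreeIPA or BIND code: a small parser for the dynamic-update lines in the named log above that tallies address-record deletions signed by the record owner's own host key and keeps the rejected updates alongside them. The function names are hypothetical, the sample lines are copied from the log in this post, and only the line shapes seen there are handled.

```python
import re
from collections import Counter

# Sample lines copied from the named log quoted in the post (not new data).
SAMPLE = r"""
13-Dec-2018 00:31:34.389 client 10.30.10.27#53265/key host/mdc-ipa-01.idm.planetrisk.com\@IDM.PLANETRISK.COM: updating zone 'idm.planetrisk.com/IN': deleting rrset at 'mdc-ipa-01.idm.planetrisk.com' A
13-Dec-2018 00:31:34.398 client 10.30.10.27#53265/key host/mdc-ipa-01.idm.planetrisk.com\@IDM.PLANETRISK.COM: updating zone 'idm.planetrisk.com/IN': update rejected: post update name server sanity check failed
13-Dec-2018 00:31:34.449 client 10.30.10.27#45570/key host/mdc-ipa-01.idm.planetrisk.com\@IDM.PLANETRISK.COM: updating zone 'idm.planetrisk.com/IN': deleting rrset at 'mdc-ipa-01.idm.planetrisk.com' AAAA
13-Dec-2018 00:31:34.449 zone 10.30.10.in-addr.arpa/IN: sending notifies (serial 1544679094)
13-Dec-2018 00:31:34.511 client 10.30.10.27#40273/key host/mdc-ipa-01.idm.planetrisk.com\@IDM.PLANETRISK.COM: updating zone 'idm.planetrisk.com/IN': deleting rrset at 'mdc-ipa-01.idm.planetrisk.com' A
"""

# "<date> <time> client <ip>#<port>[/key <name>]: updating zone '<zone>': <msg>"
UPDATE = re.compile(
    r"^(?P<ts>\S+ \S+) client (?P<ip>[0-9A-Fa-f.:]+)#(?P<port>\d+)"
    r"(?:/key (?P<key>\S+?))?: updating zone '(?P<zone>[^']+)': (?P<msg>.+)$"
)
DELETE = re.compile(r"^deleting rrset at '(?P<owner>[^']+)' (?P<rtype>\S+)$")

def key_host(key):
    """Return the host name inside a host/NAME@REALM key name, or None."""
    m = re.match(r"^host/([^\\@]+)\\?@", key or "")
    return m.group(1).lower() if m else None

def parse(log):
    """Turn dynamic-update log lines into event dicts; skip everything else."""
    events = []
    for line in log.splitlines():
        m = UPDATE.match(line.strip())
        if not m:
            continue  # notifies, query errors and other non-update lines
        ev = m.groupdict()
        d = DELETE.match(ev["msg"])
        if d:
            ev.update(action="delete", owner=d["owner"].lower(), rtype=d["rtype"])
        elif ev["msg"].startswith("update rejected: "):
            ev.update(action="rejected", reason=ev["msg"].split(": ", 1)[1])
        else:
            ev["action"] = "other"
        events.append(ev)
    return events

def self_deletes(events):
    """Count A/AAAA deletions signed by the owner's own host principal."""
    return Counter(
        (e["owner"], e["rtype"]) for e in events
        if e["action"] == "delete" and e["rtype"] in ("A", "AAAA")
        and key_host(e["key"]) == e["owner"]
    )
```

Running `self_deletes(parse(open(path).read()))` over the full named log gives a per-record count that can be compared before and after each configuration change.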
