Kristian Petersen via FreeIPA-users wrote: > Hey all, > > I am using IPA for my DNS and have 3 total servers in the group. 2 of > them are responding to queries just fine, but the 3rd (which is bare > metal, not a VM like the others) is not resolving the queries issued to > it. Running ipactl status returns all services running: > > [root@ipa3 /]# ipactl status > Directory Service: RUNNING > krb5kdc Service: RUNNING > kadmin Service: RUNNING > *named Service: RUNNING * > httpd Service: RUNNING > ipa-custodia Service: RUNNING > ntpd Service: RUNNING > pki-tomcatd Service: RUNNING > ipa-otpd Service: RUNNING > ipa-dnskeysyncd Service: RUNNING > ipa: INFO: The ipactl command was successful > > We tried restarting the services but didn't change anything. Next we > tries to do a forced sync of the server with one of its working replicas: > > ipa-replica-manage force-sync --from ipa1.example.com > <http://ipa1.example.com> > > We also tried re-initializing the non-working replica: > > ipa-replica-manage re-initialize --from ipa1.example.com > <http://ipa1.example.com> > > However, it still won't resolve any queries directed to it. Any ideas > of what to try next?
Can you clarify what doesn't resolve means? Is dig timing out, returning the wrong data, etc? Is that on the same host or another host? What do the bind logs show? journalctl? rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
