[Freeipa-users] Re: DNS Delegation

[Christian Hernandez via FreeIPA-users]

On Fri, Jul 31, 2020 at 1:52 AM Florence Blanc-Renaud <f...@redhat.com>
wrote:

> On 7/31/20 1:03 AM, Christian Hernandez via FreeIPA-users wrote:
> > I'm having an issue delegating a subdomain. My domain is cloud.chx and I
> > ran the following.
> >
> > ipa dnsrecord-add cloud.chx dc1.ad <http://dc1.ad> --a-rec=192.168.1.253
> > ipa dnsrecord-add 1.168.192.in-addr.arpa. 253 --ptr-rec=dc1.ad.cloud.chx.
> > ipa dnsrecord-add cloud.chx ad --ns-rec=dc1.ad.cloud.chx.
> >
> >
> > I checked and it's in the config
> >
> > [root@ipa1 ~]# dig axfr cloud.chx | grep ad
> > ad.cloud.chx.86400INNSdc1.ad.cloud.chx.
> > dc1.ad.cloud.chx.86400INA192.168.1.253
> >
> >
> > But when I query, it doesn't return what I expected.
> >
> > [root@ipa1 ~]# dig dc1.ad.cloud.chx NS
> >
> > ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7_8.6 <<>> dc1.ad.cloud.chx NS
> > ;; global options: +cmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 15346
> > ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
> >
> > ;; OPT PSEUDOSECTION:
> > ; EDNS: version: 0, flags:; udp: 4096
> > ;; QUESTION SECTION:
> > ;dc1.ad.cloud.chx.INNS
> >
> > ;; Query time: 27 msec
> > ;; SERVER: 127.0.0.1#53(127.0.0.1)
> > ;; WHEN: Thu Jul 30 15:48:03 PDT 2020
> > ;; MSG SIZE  rcvd: 45
> >
> >
> > The other DNS server is up and running.
> >
> > [root@ipa1 ~]# dig @192.168.1.253 <http://192.168.1.253>
> dc1.ad.cloud.chx
> >
> > ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7_8.6 <<>> @192.168.1.253
> > <http://192.168.1.253> dc1.ad.cloud.chx
> > ; (1 server found)
> > ;; global options: +cmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64777
> > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
> >
> > ;; OPT PSEUDOSECTION:
> > ; EDNS: version: 0, flags:; udp: 4000
> > ;; QUESTION SECTION:
> > ;dc1.ad.cloud.chx.INA
> >
> > ;; ANSWER SECTION:
> > dc1.ad.cloud.chx.3600INA192.168.1.253
> >
> > ;; Query time: 1 msec
> > ;; SERVER: 192.168.1.253#53(192.168.1.253)
> > ;; WHEN: Thu Jul 30 15:59:21 PDT 2020
> > ;; MSG SIZE  rcvd: 61
> >
> >
> > This is worth noting that adding +norec works.
> >
> Hi,
>
> my question ma sound stupid but is there an A record for
> dc1.ad.cloud.chx in the DNS server dc1?
>
>

Yes there is (the IP is the IP of dc1.ad.cloud.chx)

[root@ipa1 ~]# dig @192.168.1.253 dc1.ad.cloud.chx  +short
192.168.1.253


> flo
>
> > [root@ipa1 ~]# dig dc1.ad.cloud.chx NS +norec
> >
> > ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7_8.6 <<>> dc1.ad.cloud.chx
> > NS +norec
> > ;; global options: +cmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36273
> > ;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2
> >
> > ;; OPT PSEUDOSECTION:
> > ; EDNS: version: 0, flags:; udp: 4096
> > ;; QUESTION SECTION:
> > ;dc1.ad.cloud.chx.INNS
> >
> > ;; AUTHORITY SECTION:
> > ad.cloud.chx.86400INNSdc1.ad.cloud.chx.
> >
> > ;; ADDITIONAL SECTION:
> > dc1.ad.cloud.chx.86400INA192.168.1.253
> >
> > ;; Query time: 0 msec
> > ;; SERVER: 127.0.0.1#53(127.0.0.1)
> > ;; WHEN: Thu Jul 30 15:59:39 PDT 2020
> > ;; MSG SIZE  rcvd: 75
> >
> > Is there anything I'm missing?
> >
> >
> > ---
> >
> > Christian Hernandez, RHCE
> >
> > Principal Technical Marketing Manager - Cloud Platforms
> >
> > Red Hat, Inc <https://www.redhat.com/>
> >
> > christ...@redhat.com <mailto:christ...@redhat.com>
> >
> > Mobile: 626.502.8310
> >
> > Slack:  chernand
> >
> > <https://www.redhat.com/>
> >
> >
> > _______________________________________________
> > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> > To unsubscribe send an email to
> freeipa-users-le...@lists.fedorahosted.org
> > Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> > List Archives:
> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
> >
>
>

_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org