On to, 12 marras 2020, Damjan Kumin via FreeIPA-users wrote:
Hello friends,
I have FreeIPA version 4.8.10 on FC 33. Installation went trough and
when I try NSLOOKUP, and selected server is 127.0.0.53, I can resolve
freeipa host (actual hostname of the server) and internet, for instance
google.com. Then in NSLOOKUP I set server to 10.0.0.2 (this is the
private IP of the freeipa) and check if it can resolve freeipa server -
and it can. But then I try the google.com after and it fails - it fails
basically anything outside of what it hosts. I tried installation with
forwarders but that failed every time I entered our country's DNS and
even with using 1.1.1.1
127.0.0.53 is systemd-resolved, your local caching resolver on Fedora 33
by default.
FreeIPA DNS server has detected it and configured itself to
automatically be proxied to by systemd-resolved on the same host.
If you cannot resolve anything by talking directly to FreeIPA DNS
server, check that your configuration does not have broken DNSSEC
upstream DNS servers and IPA DNS is in fact is validating DNSSEC
responses.
Check /etc/named/ipa-options-ext.conf to see if it is enforcing dnssec
validation.
If using forwarders in ipa-server-install 'failed', you would see debug
information about those failures in /var/log/ipaserver-install.log.
Use 'ipa help dns' to learn about various IPA commands related to DNS
server operations. For each of the commands listed there, you can get
more help with 'ipa <command> --help'.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
