Ok,
the IPA ui tells me:
DNS Server 10.0.0.205: query 'service.consul. SOA': The DNS response does
not contain an answer to the question: service.consul. IN SOA.
But the TCPdump tells me that it got answered:
08:10:01.466563 IP (tos 0x0, ttl 64, id 36617, offset 0, flags [DF], proto
UDP (17), length 63)
10.0.255.12.56423 > 10.0.0.205.53: [bad udp cksum 0x1416 -> 0x9fa4!]
28861+ SOA? service.consul. (35)
08:10:01.468357 IP (tos 0x0, ttl 63, id 32897, offset 0, flags [none],
proto UDP (17), length 233)
10.0.0.205.53 > 10.0.255.12.56423: [udp sum ok] 28861* q: SOA?
service.consul. 1/3/3 consul. SOA ns.consul. hostmaster.consul. 1605856201
3600 600 86400 0 ns: consul. NS stack1.node.fra1.consul., consul. NS
mgmt5.node.fra1.consul., consul. NS stack3.node.fra1.consul. ar:
stack1.node.fra1.consul. A 10.0.240.11, mgmt5.node.fra1.consul. A
10.0.0.205, stack3.node.fra1.consul. A 10.0.240.13 (205)
Someone got an idea what I am missing?
Am Do., 19. Nov. 2020 um 16:50 Uhr schrieb Boris Behrens <[email protected]>:
> Hi,
>
> I have a very strange problem:
>
> I would like to add a CNAME to the IPA DNS server, that resolves to an
> internal domain which is forwarded from our central DNSmasq to our consul.
>
> I created a zone called test.boris and added a CNAME record
> cname.test.boris IN CNAME cname.stage.consul.
>
> The DNSmasq config forwards consul to 10.1.2.3:8600.
>
> When I now query for the cname.test.boris. I get
> cname.test.boris. in CNAME cname.stage.consul.
> cname.stage.consul. NXDOMAIN.
> After some debugging I came to the conclusion that the NXDOMAIN response
> comes from freeIPA which tries to resolv this, but consul. is not in the
> world wide root zone it does not work.
>
> Now I added a forward zone which tells IPA to forward this request back to
> DNSmasq.
> In the TCP dump I can trace the package and I see that DNSmasq send the
> correct address back to freeIPA which answers with an empty A record.
>
> What am I doing wrong?
>
> --
> Die Selbsthilfegruppe "UTF-8-Probleme" trifft sich diesmal abweichend im
> groüen Saal.
>
--
Die Selbsthilfegruppe "UTF-8-Probleme" trifft sich diesmal abweichend im
groüen Saal.
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
