Hi, you can log the debug messages from bind and check if they provide any additional hint.
sed -i "s/severity info;/severity debug;/" /etc/named/ipa-logging-ext.conf systemctl restart named Then perform a dig query outside the ipa domain and check the logs in /var/named/data/*log. HTH, flo On Thu, Nov 24, 2022 at 11:12 AM Rob Verduijn <[email protected]> wrote: > Hello, dnssec validation was already off. > And it still fails. > > Rob > > Op do 24 nov. 2022 08:49 schreef Florence Blanc-Renaud <[email protected]>: > >> Hi, >> I wonder if you're hitting *Bug 1999321* >> <https://bugzilla.redhat.com/show_bug.cgi?id=1999321> - DNS often stops >> resolving properly after FreeIPA server upgrade to Fedora 35 or 36 >> >> The workaround would be to disable dnssec validation. Edit >> /etc/named/ipa-options-ext.conf or /etc/named.conf (depending on your >> version) and replace >> dnssec-validation yes >> with >> dnssec-validation no >> >> Then restart named. >> >> HTH, >> flo >> >> On Tue, Nov 22, 2022 at 3:59 PM Rob Verduijn via FreeIPA-users < >> [email protected]> wrote: >> >>> Hello, >>> >>> I've found an issue with my ipa dns setup. >>> >>> all local dns queries work fine. >>> However queries outside my ipa domain fail most of the time. >>> >>> I found this error in the logs: >>> managed-keys-zone: Unable to fetch DNSKEY set '.': timed out >>> >>> I think that this causes my problems with external dns. >>> >>> Anybody who knows how to deal with this ? >>> Rob >>> _______________________________________________ >>> FreeIPA-users mailing list -- [email protected] >>> To unsubscribe send an email to >>> [email protected] >>> Fedora Code of Conduct: >>> https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >>> List Archives: >>> https://lists.fedorahosted.org/archives/list/[email protected] >>> Do not reply to spam, report it: >>> https://pagure.io/fedora-infrastructure/new_issue >>> >>
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
