On Tue, 21-06-2011 at 12:12 +0200, Adam Tkac wrote:
> On 06/16/2011 09:38 PM, Loris Santamaria wrote:
> > On Thu, 16-06-2011 at 11:27 -0400, Simo Sorce wrote:
> >> On Thu, 2011-06-16 at 10:31 -0430, Loris Santamaria wrote:
> >>> Hi,
> >>>
> >>> I would like to use my freeIPA v2 server as my master name server and
> >>> have other normal (non ldap based) bind servers as caching / secondary
> >>> name servers. Ideally the clients would query only the secondary servers
> >>> and the secondary name servers would perform regular zone transfers from
> >>> the master server.
> >>>
> >>> So I'm trying to set up zone transfer in my IPA based name server. First
> >>> of all I see that the attribute "idnsAllowTransfer" referenced in the
> >>> bind-dyndb-ldap documentation is not really supported in the schema
> >>> installed in IPA. Next, using a global "allow-transfer" in named.conf
> >>> doesn't work either.
> >> A global allow-transfer should work, have you restarted named after
> >> setting it?
> >>
> >> If it doesn't work we may have a bug.
> > I'm adding to named.conf options section:
> >
> > allow-transfer { 127.0.0.1; };
> >
> > then I restart named and try a zone transfer on the same host:
> >
> > # host -l ipa.corpfbk. 127.0.0.1
> > ; Transfer failed.
> > Using domain server:
> > Name: 127.0.0.1
> > Address: 127.0.0.1#53
> > Aliases: 
> >
> > Host ipa.corpfbk not found: 9(NOTAUTH)
> > ; Transfer failed.
> >
> > In the logs I get:
> >
> > Jun 16 11:10:26 ipa01 named[30044]: client 127.0.0.1#59303: bad zone transfer request: 'ipa.corpfbk/IN': non-authoritative zone (NOTAUTH)
> >
> Hello Loris,
> 
> the bind-dyndb-ldap plugin currently doesn't support zone transfers but
> you should receive SERVFAIL error in this case, not NOTAUTH.
> 
> Are you sure the 127.0.0.1 server is authoritative for the ipa.corpfbk
> zone? Can you please post output of "dig @127.0.0.1 ipa.corpfbk SOA" here?

The zone's SOA seems right to me:

[root@ipa01 ~]# dig @127.0.0.1 ipa.corpfbk SOA

; <<>> DiG 9.8.0-P1-RedHat-9.8.0-3.P1.fc15 <<>> @127.0.0.1 ipa.corpfbk SOA
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43430
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;ipa.corpfbk.                   IN      SOA

;; ANSWER SECTION:
ipa.corpfbk.            86400   IN      SOA     ipa01.central.corpfbk. soporte.tiendaskioto.com. 2011020601 3600 900 1209600 3600

;; AUTHORITY SECTION:
ipa.corpfbk.            86400   IN      NS      ipa01.central.corpfbk.

;; ADDITIONAL SECTION:
ipa01.central.corpfbk.  86400   IN      A       192.168.3.6

;; Query time: 3 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Jun 21 09:15:43 2011
;; MSG SIZE  rcvd: 133



-- 
Loris Santamaria   linux user #70506   xmpp:lo...@lgs.com.ve
Links Global Services, C.A.            http://www.lgs.com.ve
Tel: 0286 952.06.87  Cel: 0414 095.00.10  sip:1...@lgs.com.ve
------------------------------------------------------------
-O9 -omg-optimize -fomit-instructions


_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
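
Added example, not part of the thread or of the FreeIPA/BIND code: a small triage script that compares the two pieces of evidence posted above, the "aa" flag in the dig header and the NOTAUTH transfer rejection in the named log. The sample inputs are constructed from the lines quoted in the thread, the function names and verdict strings are hypothetical, and the log pattern covers only the line format shown here.

```python
import re

# Constructed sample inputs, shaped like the dig header and named log line
# quoted in this thread.
DIG_OUTPUT = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43430
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
"""
NAMED_LOG = (
    "Jun 16 11:10:26 ipa01 named[30044]: client 127.0.0.1#59303: bad zone "
    "transfer request: 'ipa.corpfbk/IN': non-authoritative zone (NOTAUTH)\n"
)

STATUS_RE = re.compile(r"->>HEADER<<-.*?status:\s*(\w+)")
FLAGS_RE = re.compile(r"^;; flags:([^;]*);", re.M)
XFER_RE = re.compile(
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+: bad zone transfer request: "
    r"'(?P<zone>[^/']+)/\w+': (?P<reason>.+?) \((?P<rcode>\w+)\)"
)

def parse_dig_header(text):
    """Return (status, flags) from dig output, e.g. ("NOERROR", {"qr", "aa"})."""
    status, flags = STATUS_RE.search(text), FLAGS_RE.search(text)
    if not status or not flags:
        raise ValueError("no dig response header found")
    return status.group(1), set(flags.group(1).split())

def triage(dig_text, log_text, zone):
    """Compare what the server says about a zone on the query path (aa flag)
    with how named logged transfer requests for the same zone."""
    status, flags = parse_dig_header(dig_text)
    authoritative = status == "NOERROR" and "aa" in flags
    want = zone.rstrip(".").lower()
    rejected = [m.groupdict() for m in XFER_RE.finditer(log_text)
                if m.group("zone").rstrip(".").lower() == want]
    notauth = [r["ip"] for r in rejected if r["rcode"] == "NOTAUTH"]
    if authoritative and notauth:
        verdict = "mismatch"           # answers with aa, rejects AXFR as NOTAUTH
    elif notauth:
        verdict = "not-authoritative"  # both paths agree the zone is not served
    else:
        verdict = "no-notauth-rejections"
    return {"authoritative": authoritative, "notauth_clients": notauth,
            "verdict": verdict}

if __name__ == "__main__":
    print(triage(DIG_OUTPUT, NAMED_LOG, "ipa.corpfbk."))
```

A "mismatch" verdict is the situation in this thread: the SOA query is answered authoritatively while the transfer request for the same zone is logged as non-authoritative.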