On Tue, 21-06-2011 at 12:12 +0200, Adam Tkac wrote:
> On 06/16/2011 09:38 PM, Loris Santamaria wrote:
> > On Thu, 16-06-2011 at 11:27 -0400, Simo Sorce wrote:
> >> On Thu, 2011-06-16 at 10:31 -0430, Loris Santamaria wrote:
> >>> Hi,
> >>>
> >>> I would like to use my freeIPA v2 server as my master name server and
> >>> have other normal (non ldap based) bind servers as caching / secondary
> >>> name servers. Ideally the clients would query only the secondary servers
> >>> and the secondary name servers would perform regular zone transfers from
> >>> the master server.
> >>>
> >>> So I'm trying to set up zone transfer in my IPA based name server. First
> >>> of all I see that the attribute "idnsAllowTransfer" referenced in the
> >>> bind-dyndb-ldap documentation is not really supported in the schema
> >>> installed in IPA. Next, using a global "allow-transfer" in named.conf
> >>> doesn't work either.
> >> A global allow-transfer should work, have you restarted named after
> >> setting it?
> >>
> >> If it doesn't work we may have a bug.
> > I'm adding to named.conf options section:
> >
> > allow-transfer { 127.0.0.1; };
> >
> > then I restart named and try a zone transfer on the same host:
> >
> > # host -l ipa.corpfbk. 127.0.0.1
> > ; Transfer failed.
> > Using domain server:
> > Name: 127.0.0.1
> > Address: 127.0.0.1#53
> > Aliases:
> >
> > Host ipa.corpfbk not found: 9(NOTAUTH)
> > ; Transfer failed.
> >
> > In the logs I get:
> >
> > Jun 16 11:10:26 ipa01 named[30044]: client 127.0.0.1#59303: bad zone
> > transfer request: 'ipa.corpfbk/IN': non-authoritative zone (NOTAUTH)
> >
> Hello Loris,
>
> the bind-dyndb-ldap plugin currently doesn't support zone transfers but
> you should receive a SERVFAIL error in this case, not NOTAUTH.
>
> Are you sure the 127.0.0.1 server is authoritative for the ipa.corpfbk
> zone? Can you please post output of "dig @127.0.0.1 ipa.corpfbk SOA" here?

The zone's SOA seems right to me:

[root@ipa01 ~]# dig @127.0.0.1 ipa.corpfbk SOA

; <<>> DiG 9.8.0-P1-RedHat-9.8.0-3.P1.fc15 <<>> @127.0.0.1 ipa.corpfbk SOA
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43430
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;ipa.corpfbk. IN SOA

;; ANSWER SECTION:
ipa.corpfbk. 86400 IN SOA ipa01.central.corpfbk. soporte.tiendaskioto.com. 2011020601 3600 900 1209600 3600

;; AUTHORITY SECTION:
ipa.corpfbk. 86400 IN NS ipa01.central.corpfbk.

;; ADDITIONAL SECTION:
ipa01.central.corpfbk. 86400 IN A 192.168.3.6

;; Query time: 3 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Jun 21 09:15:43 2011
;; MSG SIZE rcvd: 133

-- 
Loris Santamaria   linux user #70506   xmpp:[email protected]
Links Global Services, C.A.   http://www.lgs.com.ve
Tel: 0286 952.06.87   Cel: 0414 095.00.10   sip:[email protected]
------------------------------------------------------------
-O9 -omg-optimize -fomit-instructions
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
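
The authoritativeness check requested in the thread, as an added example that is not part of any message above: it reads saved `dig <zone> SOA` output and reports whether the reply was authoritative (status NOERROR, `aa` flag set, SOA in the answer section). The function and sample names are hypothetical; the first sample is the header and answer from the reply in this thread, the second is constructed.

```shell
#!/bin/sh
# Added example: classify a saved `dig <zone> SOA` reply as authoritative or not.

# is_authoritative: dig output on stdin; exit 0 only when status is NOERROR,
# the "aa" flag is set, and the ANSWER section holds an SOA record.
is_authoritative() {
    awk '
        /->>HEADER<<-/ && /status: NOERROR/ { ok = 1 }
        /^;; flags:/ {
            line = $0
            sub(/^;; flags:/, "", line)   # drop the label
            sub(/;.*/, "", line)          # drop the section counters
            n = split(line, f, " ")
            for (i = 1; i <= n; i++) if (f[i] == "aa") aa = 1
        }
        /^;; ANSWER SECTION:/ { in_answer = 1; next }
        /^$/ || /^;;/ { in_answer = 0 }
        in_answer && $4 == "SOA" { soa = 1 }
        END { exit !(ok && aa && soa) }
    '
}

# Reply from the thread (header and answer lines only).
sample_thread() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43430
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; ANSWER SECTION:
ipa.corpfbk. 86400 IN SOA ipa01.central.corpfbk. soporte.tiendaskioto.com. 2011020601 3600 900 1209600 3600
EOF
}

# Constructed sample: same answer served without the aa flag (e.g. from a cache).
sample_cached() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1111
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; ANSWER SECTION:
ipa.corpfbk. 3600 IN SOA ipa01.central.corpfbk. soporte.tiendaskioto.com. 2011020601 3600 900 1209600 3600
EOF
}

for s in sample_thread sample_cached; do
    if "$s" | is_authoritative; then echo "$s: authoritative"
    else echo "$s: not authoritative"; fi
done
```

Against a live server the same function can be fed directly, for example `dig @127.0.0.1 ipa.corpfbk SOA | is_authoritative`.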
