On 06/01/2012 08:17 PM, Jimmy wrote:
Our DNS topology is a very simple, out of the box, FreeIPA config. Our systems
are configured to run independently at completely disparate locations, so
there is very little to the topology besides forward and reverse zones for the
networks served at each site. There are no slaves, and this is the only zone
that has this issue. This is logged in the file /var/named/data/named.run .
DNS has not been modified directly through ldap, only through IPA interfaces.

Thanks,
Jimmy

Currently I could completely rebuild the system and push out the new config to
the sites, but if there is some way to fix this on a running server or get
more debug info to the maillist to possibly find the fix I would greatly
prefer that.

I found the bug in bind-dyndb-ldap. This error message is logged only for zones without the idnsUpdatePolicy attribute, right?

There is a ticket for that problem.
https://fedorahosted.org/bind-dyndb-ldap/ticket/79

Workaround:
Define the idnsUpdatePolicy attribute (e.g. "grant E.EXAMPLE krb5-self * A;") and set idnsAllowDynUpdate to FALSE. Dynamic updates will remain disabled and the error message will not be logged.

Thanks for reporting the bug.

Petr^2 Spacek
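
Added example (not part of the original message and not project code): a small check that reads ldapsearch-style LDIF, finds idnsZone entries with no idnsUpdatePolicy (the condition the reply above ties the log message to), and emits an LDIF modify record for the workaround. The DN layout, zone names and sample LDIF are constructed assumptions; only the attribute names and the policy string come from the thread.

```python
import base64
import re

# Constructed sample input; the DNs, suffix and zone names are assumptions.
SAMPLE_LDIF = """\
dn: idnsname=myzone.info,cn=dns,dc=example,dc=com
objectClass: idnsZone
idnsName: myzone.info
idnsAllowDynUpdate: FALSE

dn: idnsname=other.example,cn=dns,dc=example,dc=com
objectClass: idnsZone
idnsName: other.example
idnsAllowDynUpdate: TRUE
idnsUpdatePolicy: grant E.EXAMPLE krb5-self * A; grant E.EXAMPLE krb5-sel
 f * AAAA;
"""

POLICY = "grant E.EXAMPLE krb5-self * A;"  # example value quoted in the thread

def parse_ldif(text):
    """Parse LDIF into [{lowercased attribute: [values]}], unfolding wrapped lines."""
    entries = []
    unfolded = text.replace("\n ", "")  # LDIF folds long values as newline + one space
    for block in re.split(r"\n\s*\n", unfolded):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:]).decode()
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def zones_missing_policy(entries):
    """Zone entries that carry no idnsUpdatePolicy value at all."""
    return [e for e in entries
            if any(v.lower() == "idnszone" for v in e.get("objectclass", []))
            and not e.get("idnsupdatepolicy")]

def workaround_ldif(entry, policy=POLICY):
    """LDIF modify record: define a policy, keep dynamic updates disabled."""
    return (f"dn: {entry['dn'][0]}\nchangetype: modify\n"
            f"replace: idnsUpdatePolicy\nidnsUpdatePolicy: {policy}\n-\n"
            "replace: idnsAllowDynUpdate\nidnsAllowDynUpdate: FALSE\n")

if __name__ == "__main__":
    for zone in zones_missing_policy(parse_ldif(SAMPLE_LDIF)):
        print(workaround_ldif(zone))
```

Review the generated record before applying it; the grant rule stays inactive while idnsAllowDynUpdate is FALSE, but it becomes the zone's effective policy if dynamic updates are enabled later.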



On Fri, Jun 1, 2012 at 11:45 AM, Petr Spacek <pspa...@redhat.com> wrote:

    On 05/31/2012 07:24 PM, Jimmy wrote:

        This message repeats numerous times per minute:

        zone myzone.info/IN: zone serial (2012150501) unchanged. zone may fail
        to transfer to slaves.

        I even went into the admin page and changed the serial manually to see
        if I could get past the message but it just changed the message to
        this:

        zone myzone.info/IN: zone serial (2012150502) unchanged. zone may fail
        to transfer to slaves.

        Why does IPA report this?

        Thanks.


    Hello,

    can you describe your DNS topology?
    Where is it logged?
    Is it on a *slave* server?
    How to reproduce it?

    Current IPA doesn't maintain the SOA serial number for updates made directly
    in LDAP (but nsupdate works). Zone transfers are totally broken for that
    reason.

    A fix is on the roadmap: we are discussing how to solve this problem in
    the thread
    https://www.redhat.com/archives/freeipa-devel/2012-May/msg00044.html

    Petr^2 Spacek

    _________________________________________________
    Freeipa-users mailing list
    Freeipa-users@redhat.com
    https://www.redhat.com/mailman/listinfo/freeipa-users


