this is a part of ipaclient-install.log

2012-11-16T12:12:32Z DEBUG Writing nsupdate commands to /etc/ipa/.dns_update.txt
zone ipa.domain.tld.
update delete host.ipa.domain.tld. IN SSHFP
update add host.ipa.domain.tld. 1200 IN SSHFP 1 1 904DA80AD2554ABEC354599E6876
update add host.ipa.domain.tld. 1200 IN SSHFP 2 1 0E48943001D3BFB1C0B272C4787C

2012-11-16T12:12:32Z DEBUG args=/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt
2012-11-16T12:12:32Z DEBUG stdout=
2012-11-16T12:12:32Z DEBUG stderr=update failed: SERVFAIL

I can manually add the A record, but it would be nice to have the
sshfp records automatically added as well :-)

What can be possibly going wrong? This is in a test centos 6.3
environment (fully patched).


do you use IPA managed DNS or own DNS server?

Please provide logs from named if you use IPA managed DNS, ideally with higher debug level.

1) Modify log severity in /etc/named.conf on your DNS server:
logging {
        channel default_debug {
                file "data/named.run";
                severity debug 10;

2) restart named
$ service named restart

3) install a new client - and hope for failure

4) send file /var/named/data/named.run to me

I will look into it.

Thank you for bug report!

Petr^2 Spacek

