Of course, as soon as I send this I notice the --no-host-dns. Figures.
On Tue, Nov 5, 2013 at 11:33 PM, Brett Foster <fost...@edgeandvertex.org> wrote:
> Alright -- I'm stumped. What is the motivation for requiring reverse
> lookups for replicas? Is there a way to turn the check off? Other ideas?
> Here's what I got:
> I set up freeipa server and client. The systems are connected over OpenVPN
> to create a private network between clients and server (10.5.x.x). Traffic
> to 10.5.0.x subset is routed over VPN; otherwise traffic uses the local
> network connection (including DNS servers provided over DHCP).
> For better or worse, I found myself exposing the internal addresses via
> the public interface of the FreeIPA server. This, however, makes it
> impossible to do the reverse lookup of internal servers.
> Clients and freeipa server appear to be happy with this arrangement.
> Replica not so much.
> FreeIPA Server: 10.5.0.1
> FreeIPA Replica: 10.5.0.2
> Client 1: 10.5.0.3
> Client 2: 10.5.0.4
> and so on...
> 2013-11-06T06:53:41Z DEBUG Check reverse address of 10.5.0.1
> 2013-11-06T06:53:46Z DEBUG Check failed: [Errno 1] Unknown host
> 2013-11-06T06:53:46Z DEBUG The ipa-replica-install command failed,
> exception: HostReverseLookupError: Unable to resolve the reverse ip
> address, check /etc/hosts or DNS name resolution
Freeipa-users mailing list