-----Original Message-----
From: freeipa-users-boun...@redhat.com 
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Rich Megginson
Sent: Friday, October 03, 2014 8:03 AM
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] FW: named and IpA

On 10/03/2014 08:32 AM, Licause, Al (CSC AMS BCS - UNIX/Linux Network
Support) wrote:
>
> -----Original Message-----
> From: Licause, Al (CSC AMS BCS - UNIX/Linux Network Support)
> Sent: Friday, October 03, 2014 7:11 AM
> To: 'Jan Pazdziora'
> Subject: RE: [Freeipa-users] named and IpA
>
> Jan,
>
> Just for kicks, I tried to use the ipa dnsconfig-mod command to add 
> information about the local name server.
>
> I was able to set the forwarding policy but I was only able to set a single 
> forwarder.
>
> If I issued a second forwarder, the previous entry was replaced by the new 
> one and only one forwarder shows as active:
>
> [root@linux named]# ipa dnsconfig-show
>    Global forwarders: 16.112.240.40
>    Forward policy: first
>
> [root@linux named]# ipa dnsconfig-mod --forwarder=16.112.240.27
>    Global forwarders: 16.112.240.27
>    Forward policy: first
>
> [root@linux named]# ipa dnsconfig-show
>    Global forwarders: 16.112.240.27
>    Forward policy: first
>
> If I attempt to place more than one forwarder in the arguments, I get an 
> error:
>
> [root@linux named]# ipa dnsconfig-mod --forwarder=16.112.240.27;16.112.240.40
> ipa: ERROR: no modifications to be performed
> bash: 16.112.240.40: command not found...

You cannot use an unescaped semicolon.
$ man bash
...
DEFINITIONS
...
        metacharacter
               A  character  that,  when unquoted, separates words. One of the
               following:
               |  & ; ( ) < > space tab

>> Thanks for the reply. If it is possible to enter more than one forwarder
>> with the ipa dnsconfig-mod command, can you show an example? I have tried
>> variations with no luck.

Al


>
> The Fedora documentation only gives examples for adding a single 
> forwarder.....so this seems to be a shortcoming in the current implementation.
>
> However, having performed these steps, it still did not allow the local name 
> server to look at anything past the local database or use the designated 
> forwarders.
>
> Al
>
>
> -----Original Message-----
> From: Jan Pazdziora [mailto:jpazdzi...@redhat.com]
> Sent: Thursday, October 02, 2014 11:23 PM
> To: Licause, Al (CSC AMS BCS - UNIX/Linux Network Support)
> Cc: freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] named and IpA
>
> On Thu, Oct 02, 2014 at 05:05:10PM +0000, Licause, Al (CSC AMS BCS - 
> UNIX/Linux Network Support) wrote:
>> From the IdM server we can only lookup local records.  The name
>> resolver will not attempt to look to another other name servers or
>> domains defined in /etc/resolv.conf
> What exactly is in your /etc/resolv.conf? Just the IP address of the IPA 
> server (localhost), or some other records?
>
>> If I shutdown IdM using ipactl stop and then restart named, the name 
>> resolver works for local and remote hosts, addresses and domains as 
>> well as serving up the SRV records defined on the local host.
> So if all IdM services are running, you do not seem to have named observing 
> forwarders settings but if you only run named on the IdM machine and nothing 
> else, it starts to observe them?
>
> Can you show dig output for one of the problematic records to see which DNS 
> server is answering the query?
>
> --
> Jan Pazdziora
> Principal Software Engineer, Identity Management Engineering, Red Hat
>

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
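
Why the shell reported two separate errors for the semicolon command line quoted above, as an added example that is not part of the original thread. `show_args` and `run_line` are hypothetical helpers; `show_args` stands in for `ipa dnsconfig-mod`, so this shows only how the shell splits the line, not which value format the ipa command accepts.

```shell
#!/bin/sh
# Added example. show_args is a hypothetical stand-in for the real command:
# it prints the number of arguments it received and each one in brackets.
show_args() {
    printf 'argc=%d' "$#"
    for a in "$@"; do
        printf ' [%s]' "$a"
    done
    printf '\n'
}

# run_line LINE: have the shell parse and run LINE as if typed at a prompt.
# Prints what the stand-in saw, then the exit status of the last command
# on the line (127 is the shell's "command not found").
run_line() {
    status=0
    out=$(eval "$1" 2>/dev/null) || status=$?
    printf '%s status=%s\n' "$out" "$status"
}

# 1. Unquoted ';' ends the command: the stand-in sees only the first address,
#    and the text after ';' is run as a second command name.
run_line 'show_args --forwarder=16.112.240.27;16.112.240.40'

# 2. Single quotes make ';' an ordinary character inside one argument.
run_line "show_args '--forwarder=16.112.240.27;16.112.240.40'"

# 3. A backslash escapes just the ';' with the same result.
run_line 'show_args --forwarder=16.112.240.27\;16.112.240.40'
```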
