On 10/03/2014 09:22 AM, Licause, Al (CSC AMS BCS - UNIX/Linux Network Support) wrote:

-----Original Message-----
From: freeipa-users-boun...@redhat.com 
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Rich Megginson
Sent: Friday, October 03, 2014 8:03 AM
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] FW: named and IpA

On 10/03/2014 08:32 AM, Licause, Al (CSC AMS BCS - UNIX/Linux Network
Support) wrote:
-----Original Message-----
From: Licause, Al (CSC AMS BCS - UNIX/Linux Network Support)
Sent: Friday, October 03, 2014 7:11 AM
To: 'Jan Pazdziora'
Subject: RE: [Freeipa-users] named and IpA

Jan,

Just for kicks, I tried to use the ipa dnsconfig-mod command to add information 
about the local name server.

I was able to set the forwarding policy but I was only able to set a single 
forwarder.

If I issued a second forwarder, the previous entry was replaced by the new one 
and only one forwarder shows as active:

[root@linux named]# ipa dnsconfig-show
    Global forwarders: 16.112.240.40
    Forward policy: first

[root@linux named]# ipa dnsconfig-mod --forwarder=16.112.240.27
    Global forwarders: 16.112.240.27
    Forward policy: first

[root@linux named]# ipa dnsconfig-show
    Global forwarders: 16.112.240.27
    Forward policy: first

If I attempt to place more than one forwarder in the arguments, I get an error:

[root@linux named]# ipa dnsconfig-mod --forwarder=16.112.240.27;16.112.240.40
ipa: ERROR: no modifications to be performed
bash: 16.112.240.40: command not found...

You cannot use an unescaped semicolon.

$ man bash
...
DEFINITIONS
...
         metacharacter
                A  character  that,  when unquoted, separates words. One of the
                following:
                |  & ; ( ) < > space tab

Thanks for the reply. If it is possible to enter more than one forwarder with the ipa dnsconfig-mod command, can you show an example? I have tried variations with no luck.

Al

Have you tried multiple --forwarder flags? e.g.

# ipa dnsconfig-mod --forwarder=16.112.240.27 --forwarder=16.112.240.40 ...



The Fedora documentation only gives examples for adding a single 
forwarder... so this seems to be a shortcoming in the current implementation.

However, having performed these steps, it still did not allow the local name 
server to look at anything past the local database or use the designated 
forwarders.

Al


-----Original Message-----
From: Jan Pazdziora [mailto:jpazdzi...@redhat.com]
Sent: Thursday, October 02, 2014 11:23 PM
To: Licause, Al (CSC AMS BCS - UNIX/Linux Network Support)
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] named and IpA

On Thu, Oct 02, 2014 at 05:05:10PM +0000, Licause, Al (CSC AMS BCS - UNIX/Linux 
Network Support) wrote:
From the IdM server we can only look up local records. The name resolver will not attempt to look to other name servers or domains defined in /etc/resolv.conf.

What exactly is in your /etc/resolv.conf? Just the IP address of the IPA server 
(localhost), or some other records?

If I shut down IdM using ipactl stop and then restart named, the name
resolver works for local and remote hosts, addresses and domains as
well as serving up the SRV records defined on the local host.

So if all IdM services are running, you do not seem to have named observing 
forwarders settings but if you only run named on the IdM machine and nothing 
else, it starts to observe them?

Can you show dig output for one of the problematic records to see which DNS 
server is answering the query?

--
Jan Pazdziora
Principal Software Engineer, Identity Management Engineering, Red Hat

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
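
The word splitting described in the `man bash` excerpt quoted in this thread, as an added example that is not part of the original messages: a stub shell function named `ipa` (an assumption, standing in for the real CLI) prints the arguments it actually receives, and `run_line` (a hypothetical helper) parses each line the way the prompt would. It shows only what the shell hands to the program, not how the real `ipa` treats those values.

```shell
#!/bin/sh
# Added example. The stub below is NOT the FreeIPA client; it only echoes
# the argument vector so the effect of shell parsing is visible.
ipa() {
    printf 'ipa argv:'
    for arg in "$@"; do
        printf ' <%s>' "$arg"
    done
    printf '\n'
}

# Parse one line as the shell would at the prompt (eval re-runs the parser),
# then report the stub's stdout and the exit status of the whole line.
run_line() {
    status=0
    output=$(eval "$1" 2>/dev/null) || status=$?
    printf '%s|exit=%s\n' "$output" "$status"
}

# 1. Unquoted ';' is a metacharacter: the line becomes TWO commands.
#    The stub sees only the first forwarder; the second address is then
#    executed as a command name and fails (non-zero exit).
run_line 'ipa dnsconfig-mod --forwarder=16.112.240.27;16.112.240.40'

# 2. Quoting removes the special meaning: ONE argument containing ';'.
#    Whether the real CLI accepts such a value is not shown on this page.
run_line "ipa dnsconfig-mod '--forwarder=16.112.240.27;16.112.240.40'"

# 3. Repeating the flag, as suggested in the thread: two separate
#    arguments, no metacharacters involved.
run_line 'ipa dnsconfig-mod --forwarder=16.112.240.27 --forwarder=16.112.240.40'
```

Case 1 reproduces the two symptoms in the pasted session: the client is handed a single forwarder, and the shell separately tries to run `16.112.240.40`.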

