Ah....excellent suggestion !

Thanks very much that worked.....

[root@linux named]# ipa dnsconfig-mod --forwarder=16.112.240.27 --forwarder=16.112.240.40
  Global forwarders: 16.112.240.27, 16.112.240.40
  Forward policy: first

Unfortunately it didn't fix the problem......while IdM is running the local
name server still can't resolve any hosts or addresses unknown to the local
name server.

Al



-----Original Message-----
From: freeipa-users-boun...@redhat.com 
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Rich Megginson
Sent: Friday, October 03, 2014 9:44 AM
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] FW: FW: named and IpA

On 10/03/2014 09:22 AM, Licause, Al (CSC AMS BCS - UNIX/Linux Network
Support) wrote:
>
> -----Original Message-----
> From: freeipa-users-boun...@redhat.com 
> [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Rich Megginson
> Sent: Friday, October 03, 2014 8:03 AM
> To: freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] FW: named and IpA
>
> On 10/03/2014 08:32 AM, Licause, Al (CSC AMS BCS - UNIX/Linux Network
> Support) wrote:
>> -----Original Message-----
>> From: Licause, Al (CSC AMS BCS - UNIX/Linux Network Support)
>> Sent: Friday, October 03, 2014 7:11 AM
>> To: 'Jan Pazdziora'
>> Subject: RE: [Freeipa-users] named and IpA
>>
>> Jan,
>>
>> Just for kicks, I tried to use the ipa dnsconfig-mod command to add 
>> information about the local name server.
>>
>> I was able to set the forwarding policy but I was only able to set a single 
>> forwarder.
>>
>> If I issued a second forwarder, the previous entry was replaced by the new 
>> one and only one forwarder shows as active:
>>
>> [root@linux named]# ipa dnsconfig-show
>>     Global forwarders: 16.112.240.40
>>     Forward policy: first
>>
>> [root@linux named]# ipa dnsconfig-mod --forwarder=16.112.240.27
>>     Global forwarders: 16.112.240.27
>>     Forward policy: first
>>
>> [root@linux named]# ipa dnsconfig-show
>>     Global forwarders: 16.112.240.27
>>     Forward policy: first
>>
>> If I attempt to place more than one forwarder in the arguments, I get an 
>> error:
>>
>> [root@linux named]# ipa dnsconfig-mod --forwarder=16.112.240.27;16.112.240.40
>> ipa: ERROR: no modifications to be performed
>> bash: 16.112.240.40: command not found...
> You cannot use an unescaped semicolon
> $ man bash
> ...
> DEFINITIONS
> ...
>          metacharacter
>                 A  character  that,  when unquoted, separates words. One of the
>                 following:
>                 |  & ; ( ) < > space tab
>
>>>   Thanks for the reply.    If it is possible to enter more than one 
>>> forwarder with the ipa dnsconfig-mod command, can
>>>    you show an example ?    I have tried variations with no luck.
> Al

Have you tried multiple --forwarder flags?  e.g.

# ipa dnsconfig-mod --forwarder=16.112.240.27 --forwarder=16.112.240.40 ...

>
>
>> The Fedora documentation only gives examples for adding a single 
>> forwarder.....so this seems to be a shortcoming in the current 
>> implementation.
>>
>> However, having performed these steps, it still did not allow the local name 
>> server to look at anything past the local database or use the designated 
>> forwarders.
>>
>> Al
>>
>>
>> -----Original Message-----
>> From: Jan Pazdziora [mailto:jpazdzi...@redhat.com]
>> Sent: Thursday, October 02, 2014 11:23 PM
>> To: Licause, Al (CSC AMS BCS - UNIX/Linux Network Support)
>> Cc: freeipa-users@redhat.com
>> Subject: Re: [Freeipa-users] named and IpA
>>
>> On Thu, Oct 02, 2014 at 05:05:10PM +0000, Licause, Al (CSC AMS BCS - 
>> UNIX/Linux Network Support) wrote:
>>> From the IdM server we can only lookup local records.  The name
>>> resolver will not attempt to look to any other name servers or
>>> domains defined in /etc/resolv.conf
>> What exactly is in your /etc/resolv.conf? Just the IP address of the IPA 
>> server (localhost), or some other records?
>>
>>> If I shutdown IdM using ipactl stop and then restart named, the name 
>>> resolver works for local and remote hosts, addresses and domains as 
>>> well as serving up the SRV records defined on the local host.
>> So if all IdM services are running, you do not seem to have named observing 
>> forwarders settings but if you only run named on the IdM machine and nothing 
>> else, it starts to observe them?
>>
>> Can you show dig output for one of the problematic records to see which DNS 
>> server is answering the query?
>>
>> --
>> Jan Pazdziora
>> Principal Software Engineer, Identity Management Engineering, Red Hat
>>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go To http://freeipa.org for more info on the project
>
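
The three ways of writing the command that come up in this thread, as an added shell example that is not from any poster. `fake_ipa` is a hypothetical stand-in that only echoes the `--forwarder` values it receives, so this shows what the shell hands to the program, not how the real `ipa` command treats it.

```shell
#!/bin/sh
# Hypothetical stand-in for `ipa` (assumption, not the real tool): prints each
# --forwarder value it receives, one per line. It never contacts an IPA server.
fake_ipa() {
    for arg in "$@"; do
        case $arg in
            --forwarder=*) printf '%s\n' "${arg#--forwarder=}" ;;
        esac
    done
}

# Case 1: an unquoted ';' ends the first command. The second address is then
# run as a command of its own and fails with status 127 (command not found).
unquoted() {
    fake_ipa dnsconfig-mod --forwarder=16.112.240.27;16.112.240.40
}

# Case 2: quoting keeps ';' inside one word, so a single argument arrives
# and nothing after the ';' is executed.
quoted() {
    fake_ipa dnsconfig-mod '--forwarder=16.112.240.27;16.112.240.40'
}

# Case 3: one --forwarder flag per address, the form that worked in the thread.
repeated() {
    fake_ipa dnsconfig-mod --forwarder=16.112.240.27 --forwarder=16.112.240.40
}

# Run one case, then print its exit status and the forwarder values it saw.
report() {
    out=$("$1" 2>/dev/null) && rc=0 || rc=$?
    printf '%s: status=%s forwarders=[%s]\n' "$1" "$rc" \
        "$(printf '%s' "$out" | tr '\n' ',')"
}

report unquoted
report quoted
report repeated
```

Only the repeated-flag form delivers two separate forwarder arguments; the quoted form delivers one argument that still contains the semicolon.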
