On Mon, 27 Oct 2014 17:50:13 +0000 "Trevor T Kates (Services - 6)" <[email protected]> wrote:
> > -----Original Message-----
> > From: Simo Sorce [mailto:[email protected]]
> > Sent: Monday, October 27, 2014 12:30 PM
> > To: Trevor T Kates (Services - 6)
> > Cc: [email protected]
> > Subject: Re: [Freeipa-users] Question About Properly Configuring DNS
> >
> > On Mon, 27 Oct 2014 14:07:42 +0000
> > "Trevor T Kates (Services - 6)" <[email protected]> wrote:
> >
> > > Hi, all:
> > >
> > > I have four servers (two in one location, two in another) running
> > > IPA 3.0 set to replicate like so:
> > >
> > > Location A Server 1 - - - - - - - - Location B Server 1
> > >          |                                   |
> > >          |                                   |
> > >          |                                   |
> > >          |                                   |
> > > Location A Server 2 - - - - - - - - Location B Server 2
> > >
> > > Each server has DNS configured; however, I think I have configured
> > > something inappropriately with respect to authoritative records.
> > >
> > > I have eight zones configured and ipa dnszone-show for any one of
> > > them has Location B Server 1's name as authoritative. In each of
> > > the eight zones, I have added NS records for the other three
> > > servers. On all of the servers except Location B Server
> > > 1, /var/log/messages will show:
> > >
> > > client x.xxx.x.xxx#14366: received notify for zone
> > > 'x.xxx.x.in-addr.arpa': not authoritative
> > >
> > > This occurs for most, but not all, zones. Along with this:
> > >
> > > LDAP query timed out. Try to adjust "timeout" parameter
> > > update_record (psearch) failed, dn
> > > 'idnsname=xxx,idnsname=x.xxx.xx.in-addr.arpa.,cn=dns,dc=example,dc=com'
> > > change type 0x0. Records can be outdated, run `rndc reload`: not
> > > found
> > >
> > > I feel like I've misconfigured a few things along the way and I'd
> > > love some help. Along with that, if anyone has recommendations on
> > > things I should read to help me better understand what I should be
> > > doing with DNS, I'd appreciate it.
> >
> > Uhmm sounds like a bug in reloading the info in the bind ldap
> > plugin.
> >
> > Can you restart named on one of the other servers and tell if the
> > warning goes away and/or if the client returns that server as
> > authoritative after the bounce?
> >
> > Simo.
> >
> > --
> > Simo Sorce * Red Hat, Inc * New York
>
> Upon restarting named, 'not authoritative' is not present for any of
> the zones and dig on clients shows all of the servers as
> authoritative. The restart of named did not always go cleanly,
> however. Sometimes, the same timeout issue as before would present
> itself. Should I not worry about those?

Ok, would you be able to open a bug (bugzilla or trac, either is fine)
for the 2 issues?

One seems to be that changing the NS record is not causing a proper
change in authoritative status.
The second should be about the timeout error you are seeing.

Thank you,
Simo.

> Thanks for your help!
>
> Trevor T. Kates

--
Simo Sorce * Red Hat, Inc * New York
