I just realized that my IPA servers cannot resolve ANY servers in my
domain. What do I need to do to fix this? Below is my named.conf.

options {
        // turns on IPv6 for port 53, IPv4 is on by default for all ifaces
        listen-on-v6 {any;};

        // Put files that named is allowed to write in the data/ directory:
        directory "/var/named"; // the default
        dump-file               "data/cache_dump.db";
        statistics-file         "data/named_stats.txt";
        memstatistics-file      "data/named_mem_stats.txt";

        forward first;
        forwarders {

        // Any host is permitted to issue recursive queries
        allow-recursion { any; };

        tkey-gssapi-keytab "/etc/named.keytab";
        pid-file "/run/named/named.pid";

/* If you want to enable debugging, eg. using the 'rndc trace' command,
 * By default, SELinux policy does not allow named to modify the /var/named
 * so put the default debug log file in data/ :
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
                print-time yes;

zone "." IN {
        type hint;
        file "named.ca";

include "/etc/named.rfc1912.zones";

dynamic-db "ipa" {
        library "ldap.so";
        arg "uri ldapi://%2fvar%2frun%2fslapd-BO3-E-BOZO-COM.socket";
        arg "base cn=dns, dc=bo3,dc=e-bozo,dc=com";
        arg "fake_mname freeipa-poc01.bo3.e-bozo.com.";
        arg "auth_method sasl";
        arg "sasl_mech GSSAPI";
        arg "sasl_user DNS/freeipa-poc01.bo3.e-bozo.com";
        arg "serial_autoincrement yes";

If life gives you melons, you may be dyslexic.
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to