On 2.12.2014 17:36, Martin Basti wrote:
> On 02/12/14 17:28, Matthew Herzog wrote:
>> I just realized that my IPA servers cannot resolve ANY servers in my domain.
>> What do I need to do to fix this? Below is my named.conf.
>>
>>
>> options {
>>     // turns on IPv6 for port 53, IPv4 is on by default for all ifaces
>>     listen-on-v6 {any;};
>>
>>     // Put files that named is allowed to write in the data/ directory:
>>     directory "/var/named"; // the default
>>     dump-file "data/cache_dump.db";
>>     statistics-file "data/named_stats.txt";
>>     memstatistics-file "data/named_mem_stats.txt";
>>
>>     forward first;
>>     forwarders {
>>         10.100.8.41;
>>         10.100.8.40;
>>         10.100.4.13;
>>         10.100.4.14;
>>         10.100.4.19;
>>         10.100.4.44;
>>     };
>>
>>     // Any host is permitted to issue recursive queries
>>     allow-recursion { any; };
>>
>>     tkey-gssapi-keytab "/etc/named.keytab";
>>     pid-file "/run/named/named.pid";
>> };
>>
>> /* If you want to enable debugging, eg. using the 'rndc trace' command,
>>  * By default, SELinux policy does not allow named to modify the /var/named directory,
>>  * so put the default debug log file in data/ :
>>  */
>> logging {
>>     channel default_debug {
>>         file "data/named.run";
>>         severity dynamic;
>>         print-time yes;
>>     };
>> };
>> };
>>
>> zone "." IN {
>>     type hint;
>>     file "named.ca";
>> };
>>
>> include "/etc/named.rfc1912.zones";
>>
>> dynamic-db "ipa" {
>>     library "ldap.so";
>>     arg "uri ldapi://%2fvar%2frun%2fslapd-BO3-E-BOZO-COM.socket";
>>     arg "base cn=dns, dc=bo3,dc=e-bozo,dc=com";
>>     arg "fake_mname freeipa-poc01.bo3.e-bozo.com.";
>>     arg "auth_method sasl";
>>     arg "sasl_mech GSSAPI";
>>     arg "sasl_user DNS/freeipa-poc01.bo3.e-bozo.com";
>>     arg "serial_autoincrement yes";
>> };
>>
> Hello,
>
> Which version of IPA do you use? Which platform? Which version of bind-dyndb-ldap?
>
> Can you run these commands, and check if there are any errors?
> ipactl status
> systemctl status named (respectively journalctl -u named)

We also may want to see information listed on page
https://fedorahosted.org/bind-dyndb-ldap/wiki/BugReporting

--
Petr^2 Spacek