Hi,

I am having an issue with the forward first not appear to be working. I have 
two separate IPA servers that server separate realms. I have for the reverse 
zone configured forwarders to point to the other realms IPA server. All 
versions are identical on the IPA servers. I have included details on version 
and tests that show this is not working.

$ yum list installed |grep bind-dyndb-ldap
bind-dyndb-ldap.x86_64                 3.5-4.el7                       @base

$ yum list installed |grep ipa
ipa-admintools.x86_64                  3.3.3-28.0.1.el7.centos.3       @updates
ipa-client.x86_64                      3.3.3-28.0.1.el7.centos.3       @updates
ipa-python.x86_64                      3.3.3-28.0.1.el7.centos.3       @updates
ipa-server.x86_64                      3.3.3-28.0.1.el7.centos.3       @updates
libipa_hbac.x86_64                     1.11.2-68.el7_0.6               @updates
libipa_hbac-python.x86_64              1.11.2-68.el7_0.6               @updates
python-iniparse.noarch                 0.4-9.el7                       @anaconda
sssd-ipa.x86_64

BELOW IS WITH FORWARDING DISABLED. It cannot find 10.1.0.9 but can find 
10.1.20.9. This is expected as this server only has the 10.1.20.9 record.
$ nslookup
> server 10.1.20.9
Default server: 10.1.20.9
Address: 10.1.20.9#53
> 10.1.20.9
Server: 10.1.20.9
Address: 10.1.20.9#53

9.20.1.10.in-addr.arpa name = prd-ops-ipa01.uzb.local.
> 10.1.0.9
Server: 10.1.20.9
Address: 10.1.20.9#53

** server can't find 9.0.1.10.in-addr.arpa.: NXDOMAIN

BELOW IS WITH FORWARDING ENABLED. It cannot find 10.1.20.9 but can find 
10.1.0.9. This is expected as the forwarding server only has the 10.1.0.9 
record.
> 10.1.20.9
Server: 10.1.20.9
Address: 10.1.20.9#53

** server can't find 9.20.1.10.in-addr.arpa.: NXDOMAIN
> 10.1.0.9
Server: 10.1.20.9
Address: 10.1.20.9#53

Non-authoritative answer:
9.0.1.10.in-addr.arpa name = ops-ipa01.bbf.local.

Authoritative answers can be found from:
1.10.in-addr.arpa nameserver = ops-ipa01.bbf.local.


BELOW IS WITH FORWARD FIRST ENABLED. It cannot find 10.1.20.9 but can find 
10.1.0.9. This is un-expected as the local zone has the 10.1.20.9 and the 
forward server has the 10.1.0.9 so we should be getting both.
> 10.1.20.9
Server: 10.1.20.9
Address: 10.1.20.9#53

** server can't find 9.20.1.10.in-addr.arpa.: NXDOMAIN
> 10.1.0.9
Server: 10.1.20.9
Address: 10.1.20.9#53

Non-authoritative answer:
9.0.1.10.in-addr.arpa name = ops-ipa01.bbf.local.

Authoritative answers can be found from:
1.10.in-addr.arpa nameserver = ops-ipa01.bbf.local.
ops-ipa01.bbf.local internet address = 10.1.0.9


Any help is greatly appreciated.

Thanks,
Shaun

[cid:1F369212-0E28-4C3C-8955-33CDA7C2FAB4@blackducksoftware.com]
Shaun Martin
IT\OPS Manager
Black Duck Software
O: +1.781.425.4336

Black Duck Software<http://www.blackducksoftware.com/> | 
OpenHUB<https://www.openhub.net/> | 
OSDelivers<http://osdelivers.blackducksoftware.com/> | OSS 
Logistics<https://www.blackducksoftware.com/oss-logistics>

[cid:CC23E6F1-CA96-4E59-978B-D0D9EDE0F2DB@blackducksoftware.com]   
<http://twitter.com/black_duck_sw> 
[cid:AC8F793C-9870-4ECB-B844-3337F98BA51F@blackducksoftware.com]    
<https://www.linkedin.com/company/black-duck-software> 
[cid:AB6B7F6B-C85C-4E52-8B42-9C9A5EB9D0D1@blackducksoftware.com]    
<https://www.facebook.com/BlackDuckSoftware> 
[cid:931AE271-12EC-458A-BB1F-7455AD35B154@blackducksoftware.com]    
<https://plus.google.com/+Blackducksoftware/> 
[cid:8EB9FA0C-F1E0-4E32-9E58-0D6A646A5625@blackducksoftware.com]    
<http://www.slideshare.net/blackducksoftware> 
[cid:1A0AC858-0DCC-44B4-B3D0-8BB35E291B02@blackducksoftware.com]

JP Morgan Chase & Co. Hall of Innovation Inductee 
<https://www.youtube.com/user/BlackDuckSoftware>
<https://www.youtube.com/user/BlackDuckSoftware>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to