On 09/03/15 19:18, Matt Wells wrote:
I'm getting some errors on a DNS Zone that I'm attempting to create.
My systems reside within a sub-domain of example.com.
(xyz.example.com)
Of course example.com is the internet address, but I want to host the
internal example.com so we're able to point to internal intranets and
so on.

So to the good stuff
Regardless of what flags I give, what NS records I change, the NS
is never actually set.  I know it's something silly that I'm overlooking
but would really love other eyes.

I go to create the zone on server2.
[root@server2 html]# ipa dnszone-add example.com
   Zone name: example.com.
   Active zone: TRUE
   Authoritative nameserver: server2.xyz.example.com.
   Administrator e-mail address: hostmaster
   SOA serial: 1425924224
   SOA refresh: 3600
   SOA retry: 900
   SOA expire: 1209600
   SOA minimum: 3600
   BIND update policy: grant xyz.example.com krb5-self * A; grant
xyz.example.com krb5-self * AAAA; grant xyz.example.com krb5-self *
SSHFP;
   Dynamic update: FALSE
   Allow query: any;
   Allow transfer: none;
[root@server2 html]# rndc reload
server reload successful

------------
Logs on server1 show this

Mar 09 18:03:48 server1.xyz.example.com named-pkcs11[23279]: zone
example.com/IN: NS 'server2.xyz.example.com' has no address records (A
or AAAA)
Mar 09 18:03:48 server1.xyz.example.com named-pkcs11[23279]: zone
example.com/IN: NS 'server1.xyz.example.com' has no address records (A
or AAAA)
Mar 09 18:03:48 server1.xyz.example.com named-pkcs11[23279]: zone
example.com/IN: not loaded due to errors.
Mar 09 18:03:48 server1.xyz.example.com named-pkcs11[23279]:
update_zone (syncrepl) failed for
'idnsname=example.com.,cn=dns,dc=xyz,dc=example,dc=com'. Zones can be
outdated, run `rndc reload`: bad zone
Mar 09 18:03:48 server1.xyz.example.com named-pkcs11[23279]: zone
example.com/IN: NS 'server2.xyz.example.com' has no address records (A
or AAAA)
Mar 09 18:03:48 server1.xyz.example.com named-pkcs11[23279]: zone
example.com/IN: NS 'server1.xyz.example.com' has no address records (A
or AAAA)
Mar 09 18:03:48 server1.xyz.example.com named-pkcs11[23279]: zone
example.com/IN: not loaded due to errors.
Mar 09 18:03:48 server1.xyz.example.com named-pkcs11[23279]:
update_zone (syncrepl) failed for
'idnsname=example.com.,cn=dns,dc=xyz,dc=example,dc=com'. Zones can be
outdated, run `rndc reload`: bad zone
Mar 09 18:03:51 server1.xyz.example.com named-pkcs11[23279]: zone
example.com/IN: NS 'server2.xyz.example.com' has no address records (A
or AAAA)
Mar 09 18:03:51 server1.xyz.example.com named-pkcs11[23279]: zone
example.com/IN: NS 'server1.xyz.example.com' has no address records (A
or AAAA)
Mar 09 18:03:51 server1.xyz.example.com named-pkcs11[23279]: zone
example.com/IN: not loaded due to errors.
Mar 09 18:03:51 server1.xyz.example.com named-pkcs11[23279]: zone
example.com/IN: unable to reload invalid zone; reload triggered by
change in 
'idnsname=_kerberos,idnsname=example.com.,cn=dns,dc=xyz,dc=example,dc=com':bad
zone
Mar 09 18:03:51 server1.xyz.example.com named-pkcs11[23279]: zone
example.com/IN: NS 'server2.xyz.example.com' has no address records (A
or AAAA)
Mar 09 18:03:51 server1.xyz.example.com named-pkcs11[23279]: zone
example.com/IN: NS 'server1.xyz.example.com' has no address records (A
or AAAA)
Mar 09 18:03:51 server1.xyz.example.com named-pkcs11[23279]: zone
example.com/IN: not loaded due to errors.
Mar 09 18:03:51 server1.xyz.example.com named-pkcs11[23279]:
update_zone (syncrepl) failed for
'idnsname=example.com.,cn=dns,dc=xyz,dc=example,dc=com'. Zones can be
outdated, run `rndc reload`: bad zone

Hello, do you have proper NS delegation in the example.com. zone?

ipa dnsrecord-add example.com. xyz.example.com. --ns-rec=server2.xyz.example.com

Martin

--
Martin Basti
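
An added triage example, not part of the original messages or of FreeIPA: it parses named lines in the format quoted above, deduplicates the NS hosts reported without address records per zone, and computes the name directly below the zone apex that contains each host, which in this thread is the xyz.example.com. name used in the suggested dnsrecord-add command. The sample log is constructed (unwrapped copies of the quoted lines) and the function names are hypothetical.

```python
import re

# Constructed sample: unwrapped lines in the format of the named-pkcs11 output quoted above.
SAMPLE_LOG = """\
Mar 09 18:03:48 server1.xyz.example.com named-pkcs11[23279]: zone example.com/IN: NS 'server2.xyz.example.com' has no address records (A or AAAA)
Mar 09 18:03:48 server1.xyz.example.com named-pkcs11[23279]: zone example.com/IN: NS 'server1.xyz.example.com' has no address records (A or AAAA)
Mar 09 18:03:48 server1.xyz.example.com named-pkcs11[23279]: zone example.com/IN: not loaded due to errors.
Mar 09 18:03:51 server1.xyz.example.com named-pkcs11[23279]: zone example.com/IN: NS 'server2.xyz.example.com' has no address records (A or AAAA)
"""

NS_RE = re.compile(r"zone (\S+)/IN: NS '([^']+)' has no address records")
FAIL_RE = re.compile(r"zone (\S+)/IN: not loaded due to errors")


def labels(name):
    """Split a DNS name into lower-case labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")


def child_below_apex(zone, host):
    """Return the name one label below the zone apex that contains host
    (the host itself if it sits directly below the apex), or None when
    host is outside the zone."""
    z, h = labels(zone), labels(host)
    if len(h) <= len(z) or h[-len(z):] != z:
        return None
    return ".".join(h[-(len(z) + 1):]) + "."


def triage(log_text):
    """Map each zone to its load status and the deduplicated NS hosts
    that named reported as having no A/AAAA records."""
    zones = {}
    for line in log_text.splitlines():
        m = NS_RE.search(line)
        if m:
            zone, host = m.groups()
            entry = zones.setdefault(zone, {"loaded": True, "ns": {}})
            entry["ns"][host] = child_below_apex(zone, host)
            continue
        m = FAIL_RE.search(line)
        if m:
            zones.setdefault(m.group(1), {"loaded": True, "ns": {}})["loaded"] = False
    return zones


if __name__ == "__main__":
    for zone, info in triage(SAMPLE_LOG).items():
        print(zone, "loaded" if info["loaded"] else "NOT loaded")
        for host, child in info["ns"].items():
            print(f"  NS {host}: no A/AAAA seen; in-zone child name: {child}")
```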