On 10.6.2016 14:21, Günther J. Niederwimmer wrote: > Hello, > > Am Freitag, 10. Juni 2016, 10:12:50 CEST schrieb Martin Basti: >> On 10.06.2016 09:09, Günther J. Niederwimmer wrote: >>> Hello, >>> >>> can any help me to clear a question for DNSSEC, NSEC3 >>> >>> I have a domain created with bind and DNSSEC and NSEC3 I test this Domain >>> and other, not my Domain with >>> >>> http://dnsviz.net/d/esslmaier.at/dnssec/ >>> >>> This site from Verisign tell me, I have all Secure and also the A, AAAA >>> Records >>> >>> FreeIPA 4.3.1 Centos 7.2 > > I mean with the FreeIPA 4.2 I have A or AAAA Records but one from the list > tell me 4.3.1 is the better version for DNSSEC ? > >>> But when I test my IPA created domain >>> http://dnsviz.net/d/4gjn.com/dnssec/ >>> >>> I miss the A, AAAA Records >>> >>> can this be correct ? >>> >>> Thanks for a answer >> >> Hello, >> do you have configured A and AAAA records in zone apex of '4gjn.com'? > > Yes I have configured A AAAA Records, but something is wrong with the Zone > File > ? when I look on my secondary DNS this is a PDNS then I found total different > entry for esslmaier.at and my 4gjn.com. > > >> I can `dig +dnssec ipa.4gjn.com. A` with DNSSEC results but for `dig >> +dnssec 4gjn.com. A` , it looks like there is no A/AAAA records. > Yes I wrote this before but I have no answer, what I can do :-(. > >> Can you provide output of the `ipa dnsrecord-show 4gjn.com. @` ? > > this is all !!! > > [root@ipa ~]# ipa dnsrecord-show 4gjn.com. @ > Datensatzname: @ > MX record: 10 smtp.4gjn.com. > NS record: dns.esslmaier.at., ipa.4gjn.com., ns1.ns71.net., > ns1.gratisdns.dk. > TXT record: "v=spf1 mx ip4:89.26.108.213 ip4:89.26.108.0/28 ip6:2001:470:6f: > 8f1::223 > ip6:2001:470:6f:8f1::/64 ?include:gjn.priv.at -all" > > ipa dnsrecord-show 4gjn.com. AAAA > ipa: ERROR: AAAA: DNS resource record nicht gefunden > > Is this a LDAP Problem ?
Apparently you do not have any A/AAAA records defined in IPA. Add some and you will see :-) Speaking of IPA versions, yes, latest IPA 4.3.2 is the best you can get for DNSSEC. There is many bugs in older versions. -- Petr^2 Spacek -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project