On 10.06.2016 17:33, Günther J. Niederwimmer wrote:
Am Freitag, 10. Juni 2016, 15:26:39 CEST schrieb Petr Spacek:
On 10.6.2016 14:21, Günther J. Niederwimmer wrote:

Am Freitag, 10. Juni 2016, 10:12:50 CEST schrieb Martin Basti:
On 10.06.2016 09:09, Günther J. Niederwimmer wrote:

can any help me to clear a question for DNSSEC, NSEC3

I have a domain created with bind and DNSSEC and NSEC3 I test this
and other, not my Domain with


This site from Verisign tell me, I have all Secure and also the A, AAAA

FreeIPA 4.3.1 Centos 7.2
I mean with the FreeIPA 4.2 I have A or AAAA Records but one from the list
tell me 4.3.1 is the better version for DNSSEC ?

But when I test my IPA created domain

I miss the A, AAAA Records

can this be correct ?

Thanks for a answer
do you have configured A and AAAA records in zone apex of '4gjn.com'?
Yes I have configured A AAAA Records, but something is wrong with the Zone
File ? when I look on my secondary DNS this is a PDNS then I found total
different entry for esslmaier.at and my 4gjn.com.

I can `dig +dnssec ipa.4gjn.com. A`  with DNSSEC results but for `dig
+dnssec 4gjn.com. A` , it looks like there is no A/AAAA records.
Yes I wrote this before but I have no answer, what I can do :-(.

Can you provide output of the `ipa dnsrecord-show 4gjn.com. @` ?
this is all !!!

[root@ipa ~]# ipa dnsrecord-show 4gjn.com. @

   Datensatzname: @
   MX record: 10 smtp.4gjn.com.
   NS record: dns.esslmaier.at., ipa.4gjn.com., ns1.ns71.net.,


   TXT record: "v=spf1 mx ip4: ip4:

               ip6:2001:470:6f:8f1::/64 ?include:gjn.priv.at -all"
ipa dnsrecord-show 4gjn.com. AAAA

ipa: ERROR: AAAA: DNS resource record nicht gefunden

Is this a LDAP Problem ?
Apparently you do not have any A/AAAA records defined in IPA. Add some and
you will see :-)
NO ;-(  I have configurede all my server with A and AAAA Records ?

But your server name is not '4gjn.com', but 'ipa.4gjn.com'. The second one contains A/AAAA records.

4gjn.com AFAIK is your IPA domain, so it should not contain A/AAAA records by default, unless you manually added them there.

Speaking of IPA versions, yes, latest IPA 4.3.2 is the best you can get for
DNSSEC. There is many bugs in older versions.
I have IPA 4.3.1, I mean you tell me this with the Bugs, but I can't found

I have this Repo


Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to