On 10.06.2016 18:14, Günther J. Niederwimmer wrote:
Am Freitag, 10. Juni 2016, 18:01:32 CEST schrieb Martin Basti:
On 10.06.2016 17:33, Günther J. Niederwimmer wrote:
Am Freitag, 10. Juni 2016, 15:26:39 CEST schrieb Petr Spacek:
On 10.6.2016 14:21, Günther J. Niederwimmer wrote:
Hello,
Am Freitag, 10. Juni 2016, 10:12:50 CEST schrieb Martin Basti:
On 10.06.2016 09:09, Günther J. Niederwimmer wrote:
Hello,
can any help me to clear a question for DNSSEC, NSEC3
I have a domain created with bind and DNSSEC and NSEC3 I test this
Domain
and other, not my Domain with
http://dnsviz.net/d/esslmaier.at/dnssec/
This site from Verisign tell me, I have all Secure and also the A,
AAAA
Records
FreeIPA 4.3.1 Centos 7.2
I mean with the FreeIPA 4.2 I have A or AAAA Records but one from the
list
tell me 4.3.1 is the better version for DNSSEC ?
But when I test my IPA created domain
http://dnsviz.net/d/4gjn.com/dnssec/
I miss the A, AAAA Records
can this be correct ?
Thanks for a answer
Hello,
do you have configured A and AAAA records in zone apex of '4gjn.com'?
Yes I have configured A AAAA Records, but something is wrong with the
Zone
File ? when I look on my secondary DNS this is a PDNS then I found total
different entry for esslmaier.at and my 4gjn.com.
I can `dig +dnssec ipa.4gjn.com. A` with DNSSEC results but for `dig
+dnssec 4gjn.com. A` , it looks like there is no A/AAAA records.
Yes I wrote this before but I have no answer, what I can do :-(.
Can you provide output of the `ipa dnsrecord-show 4gjn.com. @` ?
this is all !!!
[root@ipa ~]# ipa dnsrecord-show 4gjn.com. @
Datensatzname: @
MX record: 10 smtp.4gjn.com.
NS record: dns.esslmaier.at., ipa.4gjn.com., ns1.ns71.net.,
ns1.gratisdns.dk.
TXT record: "v=spf1 mx ip4:89.26.108.213 ip4:89.26.108.0/28
ip6:2001:470:6f:
8f1::223
ip6:2001:470:6f:8f1::/64 ?include:gjn.priv.at -all"
ipa dnsrecord-show 4gjn.com. AAAA
ipa: ERROR: AAAA: DNS resource record nicht gefunden
Is this a LDAP Problem ?
Apparently you do not have any A/AAAA records defined in IPA. Add some
and
you will see :-)
NO ;-( I have configurede all my server with A and AAAA Records ?
But your server name is not '4gjn.com', but 'ipa.4gjn.com'. The second
one contains A/AAAA records.
4gjn.com AFAIK is your IPA domain, so it should not contain A/AAAA
records by default, unless you manually added them there.
When I make a ipa dnsrecord-show
I miss the RRSIG Record ?
ipa dnsrecord-show
Datensatzname: ipa
Zonenname: 4gjn.com
Datensatzname: ipa
A record: 89.26.XXX.6
AAAA record: 2001:470:6f:XXX::204
SSHFP record: 1 1 96CEB1FC971F7916A37D7327DEBD97FAE0B19CDE, 3 2
59ED122BF99D4B149A17B159EF18A277DC0001BE66C14BBDDBF108FB
05763604, 1 2
537DEA114D6232F6698D3B8B940091AE8AE159146764B073B8B77755
8E8789A0, 3 1
02614298C6F2CCF1F2F9BF8FA8A3267589E1FE1B
RRSIG records are not stored in LDAP, they are dynamically generated on
named server for each record, so ipa commands cannot show them, you must use
dig +dnssec @ipaserveraddress ipa.4gjn.com. A
Martin
Speaking of IPA versions, yes, latest IPA 4.3.2 is the best you can get
for
DNSSEC. There is many bugs in older versions.
I have IPA 4.3.1, I mean you tell me this with the Bugs, but I can't found
4.3.2
I have this Repo
group_freeipa-freeipa-4-3-centos-7-epel-7.repo
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
