On 10.06.2016 18:14, Günther J. Niederwimmer wrote:
On Friday, 10 June 2016, 18:01:32 CEST, Martin Basti wrote:
On 10.06.2016 17:33, Günther J. Niederwimmer wrote:
On Friday, 10 June 2016, 15:26:39 CEST, Petr Spacek wrote:
On 10.6.2016 14:21, Günther J. Niederwimmer wrote:

On Friday, 10 June 2016, 10:12:50 CEST, Martin Basti wrote:
On 10.06.2016 09:09, Günther J. Niederwimmer wrote:

Can anyone help me clear up a question about DNSSEC, NSEC3?

I have a domain created with bind and DNSSEC and NSEC3. I test this
and other, not my domain, with


This site from Verisign tells me I have all secure and also the A,

FreeIPA 4.3.1 Centos 7.2
I mean with the FreeIPA 4.2 I have A or AAAA Records but one from the
tell me 4.3.1 is the better version for DNSSEC ?

But when I test my IPA created domain

I miss the A, AAAA Records

Can this be correct?

Thanks for an answer
Do you have A and AAAA records configured in the zone apex of '4gjn.com'?
Yes, I have configured A and AAAA records, but something is wrong with the
file? When I look at my secondary DNS, which is a PDNS, I find totally
different entries for esslmaier.at and my 4gjn.com.

I can `dig +dnssec ipa.4gjn.com. A` with DNSSEC results, but for
`dig +dnssec 4gjn.com. A` it looks like there are no A/AAAA records.
Yes I wrote this before but I have no answer, what I can do :-(.

Can you provide output of the `ipa dnsrecord-show 4gjn.com. @` ?
this is all !!!

[root@ipa ~]# ipa dnsrecord-show 4gjn.com. @

    Datensatzname: @
    MX record: 10 smtp.4gjn.com.
    NS record: dns.esslmaier.at., ipa.4gjn.com., ns1.ns71.net.,


    TXT record: "v=spf1 mx ip4: ip4:

                ip6:2001:470:6f:8f1::/64 ?include:gjn.priv.at -all"
ipa dnsrecord-show 4gjn.com. AAAA

ipa: ERROR: AAAA: DNS resource record nicht gefunden

Is this an LDAP problem?
Apparently you do not have any A/AAAA records defined in IPA. Add some
and you will see :-)
NO ;-(  I have configured all my servers with A and AAAA records?
But your server name is not '4gjn.com', but 'ipa.4gjn.com'. The second
one contains A/AAAA records.

4gjn.com AFAIK is your IPA domain, so it should not contain A/AAAA
records by default, unless you manually added them there.
When I make an ipa dnsrecord-show

I miss the RRSIG Record ?

ipa dnsrecord-show
Datensatzname: ipa
Zonenname: 4gjn.com
   Datensatzname: ipa
   A record: 89.26.XXX.6
   AAAA record: 2001:470:6f:XXX::204
   SSHFP record: 1 1 96CEB1FC971F7916A37D7327DEBD97FAE0B19CDE, 3 2
05763604, 1 2
8E8789A0, 3 1

RRSIG records are not stored in LDAP; they are dynamically generated on the named server for each record, so ipa commands cannot show them. You must use

dig +dnssec @ipaserveraddress ipa.4gjn.com. A


Speaking of IPA versions, yes, the latest IPA 4.3.2 is the best you can get
for DNSSEC. There are many bugs in older versions.
I have IPA 4.3.1, I mean you tell me this with the bugs, but I can't find

I have this Repo


