On 10.06.2016 18:14, Günther J. Niederwimmer wrote:
Am Freitag, 10. Juni 2016, 18:01:32 CEST schrieb Martin Basti:
On 10.06.2016 17:33, Günther J. Niederwimmer wrote:
Am Freitag, 10. Juni 2016, 15:26:39 CEST schrieb Petr Spacek:
On 10.6.2016 14:21, Günther J. Niederwimmer wrote:
Hello,

Am Freitag, 10. Juni 2016, 10:12:50 CEST schrieb Martin Basti:
On 10.06.2016 09:09, Günther J. Niederwimmer wrote:
Hello,

can any help me to clear a question for DNSSEC, NSEC3

I have a domain created with bind and DNSSEC and NSEC3 I test this
Domain
and other, not my Domain with

http://dnsviz.net/d/esslmaier.at/dnssec/

This site from Verisign tell me, I have all Secure and also the A,
AAAA
Records

FreeIPA 4.3.1 Centos 7.2
I mean with the FreeIPA 4.2 I have A or AAAA Records but one from the
list
tell me 4.3.1 is the better version for DNSSEC ?

But when I test my IPA created domain
http://dnsviz.net/d/4gjn.com/dnssec/

I miss the A, AAAA Records

can this be correct ?

Thanks for a answer
Hello,
do you have configured A and AAAA records in zone apex of '4gjn.com'?
Yes I have configured A AAAA Records, but something is wrong with the
Zone
File ? when I look on my secondary DNS this is a PDNS then I found total
different entry for esslmaier.at and my 4gjn.com.

I can `dig +dnssec ipa.4gjn.com. A`  with DNSSEC results but for `dig
+dnssec 4gjn.com. A` , it looks like there is no A/AAAA records.
Yes I wrote this before but I have no answer, what I can do :-(.

Can you provide output of the `ipa dnsrecord-show 4gjn.com. @` ?
this is all !!!

[root@ipa ~]# ipa dnsrecord-show 4gjn.com. @

    Datensatzname: @
    MX record: 10 smtp.4gjn.com.
    NS record: dns.esslmaier.at., ipa.4gjn.com., ns1.ns71.net.,

ns1.gratisdns.dk.

    TXT record: "v=spf1 mx ip4:89.26.108.213 ip4:89.26.108.0/28
ip6:2001:470:6f:
8f1::223

                ip6:2001:470:6f:8f1::/64 ?include:gjn.priv.at -all"
ipa dnsrecord-show 4gjn.com. AAAA

ipa: ERROR: AAAA: DNS resource record nicht gefunden

Is this a LDAP Problem ?
Apparently you do not have any A/AAAA records defined in IPA. Add some
and
you will see :-)
NO ;-(  I have configurede all my server with A and AAAA Records ?
But your server name is not '4gjn.com', but 'ipa.4gjn.com'. The second
one contains A/AAAA records.

4gjn.com AFAIK is your IPA domain, so it should not contain A/AAAA
records by default, unless you manually added them there.
When I make a ipa dnsrecord-show

I miss the RRSIG Record ?

ipa dnsrecord-show
Datensatzname: ipa
Zonenname: 4gjn.com
   Datensatzname: ipa
   A record: 89.26.XXX.6
   AAAA record: 2001:470:6f:XXX::204
   SSHFP record: 1 1 96CEB1FC971F7916A37D7327DEBD97FAE0B19CDE, 3 2
                 59ED122BF99D4B149A17B159EF18A277DC0001BE66C14BBDDBF108FB
05763604, 1 2
                 537DEA114D6232F6698D3B8B940091AE8AE159146764B073B8B77755
8E8789A0, 3 1
                 02614298C6F2CCF1F2F9BF8FA8A3267589E1FE1B

RRSIG records are not stored in LDAP, they are dynamically generated on named server for each record, so ipa commands cannot show them, you must use

dig +dnssec @ipaserveraddress ipa.4gjn.com. A

Martin


Speaking of IPA versions, yes, latest IPA 4.3.2 is the best you can get
for
DNSSEC. There is many bugs in older versions.
I have IPA 4.3.1, I mean you tell me this with the Bugs, but I can't found
4.3.2

I have this Repo

group_freeipa-freeipa-4-3-centos-7-epel-7.repo



--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to