On 12.6.2016 20:47, Nuno Higgs wrote:
> Hello all,
>
> I have an IPA server - IPA 4.2 - and I have added a new IPA to geographic
> replication.
>
> I have added it as stated in the documentation here:
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/creating-the-replica.html#replica-install-with-dns
>
> All was replicated correctly, and I can do a kinit user@DOMAIN with success
> within the replica.
>
> However there is a problem with the DNS sections:
>
> Although DNS is ok, my configuration within IPA on the first server
> regarding DNS zones that are set on forward only are not.
>
> In my first server, I can do a forward of domain - let's say
> domain.eu. On the second server (replica) the forward is
> shown configured correctly within the webgui but it does not work, giving an
> NX error on query www.domain.eu (the A Record exists
> and is shown on the first server). It also shows on dig on the replica (dig
> @x.x.x.x www.domain.eu), so it isn't a network permissions issue.
>
> I have deleted the zone on the master (and replica), and recreated it. On
> the first server, it worked fine. On the replica the problem persisted.
>
> Am I missing anything? Is there an undocumented trick, or have I missed
> something?

Hello,

it could be either a DNS configuration problem or an LDAP replication problem.

Please show us output from command:
$ ipa dnsforwardzone-show domain.eu
from all IPA servers you have. The output should be the same.

If it is not the same then you are most likely facing a replication problem,
please see http://www.freeipa.org/page/Troubleshooting#Replication_issues

--
Petr^2 Spacek

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
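
The comparison suggested in the reply above, as an added example that is not part of the original thread: it assumes the output of `ipa dnsforwardzone-show domain.eu` was saved to one file per server, and it reports any field present on only one side. The file names, the forwarder address and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare `ipa dnsforwardzone-show` output saved from two servers.
# Assumption: the command was run on each server and its output saved to a file.

# Strip indentation and trailing blanks, drop empty lines, sort so order is irrelevant.
normalize() {
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' "$1" | sort
}

# Print every "Field: value" line found in only one file, labelled with that file.
# Returns 0 when the two outputs match, 1 when they differ, 2 on setup failure.
compare_zone() {
    tmp=$(mktemp -d) || return 2
    normalize "$1" > "$tmp/a"
    normalize "$2" > "$tmp/b"
    only_a=$(comm -23 "$tmp/a" "$tmp/b")
    only_b=$(comm -13 "$tmp/a" "$tmp/b")
    rm -rf "$tmp"
    if [ -z "$only_a" ] && [ -z "$only_b" ]; then
        return 0
    fi
    if [ -n "$only_a" ]; then
        printf '%s\n' "$only_a" | while IFS= read -r line; do
            printf 'only in %s: %s\n' "$1" "$line"
        done
    fi
    if [ -n "$only_b" ]; then
        printf '%s\n' "$only_b" | while IFS= read -r line; do
            printf 'only in %s: %s\n' "$2" "$line"
        done
    fi
    return 1
}

# Constructed sample output (not taken from the thread): the second file
# lacks the forwarder line, as it would if that attribute had not replicated.
write_samples() {
    printf '  Zone name: domain.eu.\n  Active zone: TRUE\n  Zone forwarders: 192.0.2.53\n  Forward policy: only\n' > "$1/server1.txt"
    printf '  Zone name: domain.eu.\n  Active zone: TRUE\n  Forward policy: only\n' > "$1/server2.txt"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
if compare_zone "$demo_dir/server1.txt" "$demo_dir/server2.txt"; then
    echo "forward zone entries match"
else
    echo "forward zone entries differ: check replication"
fi
rm -rf "$demo_dir"
```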