On Fri, 15 Jul 2016, dan.finkelst...@high5games.com wrote:
There was a solution: explicitly disable DNSSEC in /etc/named.conf on
all IPA masters/replicas and restart the named-pkcs11 service. After
that, zone forwarding worked as expected.
If your DNS upstreams don't provide DNSSEC, it is enough to disable
dnssec validation in named.conf.

--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to