On 09/11/16 12:43, Martin Basti wrote:


On 09.11.2016 12:15, lejeczek wrote:


On 08/11/16 19:37, Martin Basti wrote:


On 08.11.2016 19:41, lejeczek wrote:
hi everyone
when I look at my domain I see something which seems inconsistent to me (eg. work5 is not part of the domain, was --uninstalled)
Do these record need fixing?
I'm asking becuase one of the servers, despite the fact the ipa dns related toolkit(on that server) shows zone & records, to dig/host/etc. presents nothing, empty responses!??

$ ipa dnsrecord-find xx.xx.xx.xx.x.
  Record name: @
  NS record: swir.xx.xx.xx.xx.x., rider.xx.xx.xx.xx.x.,
             dzien.xx.xx.xx.xx.x., whale.xx.xx.xx.xx.x.

  Record name: _kerberos
  TXT record: .xx.xx..xx.xx.x

Record name: _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs
  SRV record: 0 100 88 rider, 0 100 88 work5

Record name: _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs
  SRV record: 0 100 389 rider, 0 100 389 work5

Record name: _kerberos._udp.Default-First-Site-Name._sites.dc._msdcs
  SRV record: 0 100 88 rider, 0 100 88 work5

  Record name: _kerberos._tcp.dc._msdcs
  SRV record: 0 100 88 rider, 0 100 88 work5

  Record name: _ldap._tcp.dc._msdcs
  SRV record: 0 100 389 rider, 0 100 389 work5

  Record name: _kerberos._udp.dc._msdcs
  SRV record: 0 100 88 rider, 0 100 88 work5

  Record name: _kerberos._tcp
SRV record: 0 100 88 whale, 0 100 88 dzien, 0 100 88 rider, 0 100 88 swir

  Record name: _kerberos-master._tcp
SRV record: 0 100 88 whale, 0 100 88 dzien, 0 100 88 rider, 0 100 88 swir

  Record name: _kpasswd._tcp
SRV record: 0 100 464 rider, 0 100 464 swir, 0 100 464 dzien, 0 100 464 whale

  Record name: _ldap._tcp
SRV record: 0 100 389 swir, 0 100 389 dzien, 0 100 389 whale, 0 100 389 rider

  Record name: _kerberos._udp
SRV record: 0 100 88 whale, 0 100 88 dzien, 0 100 88 rider, 0 100 88 swir

  Record name: _kerberos-master._udp
SRV record: 0 100 88 whale, 0 100 88 dzien, 0 100 88 rider, 0 100 88 swir

  Record name: _kpasswd._udp
SRV record: 0 100 464 rider, 0 100 464 swir, 0 100 464 dzien, 0 100 464 whale

  Record name: _ntp._udp
SRV record: 0 100 123 dzien, 0 100 123 rider, 0 100 123 whale, 0 100 123 swir

thanks.
L.



Hello,

if server work5 is uninstalled, then work5 SRV records should be removed.

Martin

Martin, would you be able suggest a way to troubleshoot that problem that one (only) server (rider) seems to present no data for the whole domain? Remaining servers correctly respond to any queries. One curious thing is that I $rndc trace 6; and (I see debug level changed in journalctl) I do not see anything in the logs when I query.
Zone allows any to query it.



What dig @rider  command returns for SRV queries?

don't mind SRV records for now, it returns no record at all, it forwards and caches but not for the domain itself. on rider (suffice I point to other member server and records are there)

$ dig +qr any .xx.xx..xx.xx.x. @10.5.6.100

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.4 <<>> +qr any .xx.xx..xx.xx.x. @10.5.6.100
;; global options: +cmd
;; Sending:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36196
;; flags: rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;.xx.xx..xx.xx.x. IN ANY

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 36196
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;.xx.xx..xx.xx.x. IN ANY

;; AUTHORITY SECTION:
.xx.xx.x. 3600 IN SOA ipreg.xxx.xx.xx.x. hostmaster.xx.xx.x. 1478696070 1800 900 604800 3600

;; Query time: 5 msec
;; SERVER: 10.5.6.100#53(10.5.6.100)
;; WHEN: Wed Nov 09 12:56:16 GMT 2016
;; MSG SIZE  rcvd: 120

I obfuscated FQDNs but it seems like it forwards to a parent domain (to which it's supposed, by dnsforwardzone) And like I mentioned earlier, I do dnszone-find, etc. (on rider) it's all there.



--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to