list members,

i am using bind-dyndb-ldap without freeipa, and i consistently get the below errors in my logs:


update_zone (syncrepl) failed for master zone DN 'idnsName=24.168.192.in-addr.arpa.,cn=dns,ou=Daemons,dc=bpk2,dc=com'. Zones can be outdated, run `rndc reload`: unexpected error

the zone that has the issue varies, but it is always a zone that allows dynamic updates. it seems that some replication event fails and a manual resync of things has to be performed. any ideas what might be going on?

fedora 24, with nearly all recent updates
bind-9.10.4-3.P6.fc24.x86_64
bind-dyndb-ldap-10.1-1.fc24.x86_64
openldap-2.4.44-1.fc24.x86_64

i have multi master replication configured between 2 masters, and no other replication events seem to fail. i am not sure where to look for issues.

named.conf:
    dynamic-db "bpk2.com" {
            library "ldap.so";
            arg "uri ldap://192.168.88.1";
            arg "base cn=dns,ou=Daemons,dc=bpk2,dc=com";


            arg "auth_method sasl";
            arg "sasl_mech GSSAPI";
            arg "sasl_realm BPK2.COM";
            arg "krb5_keytab FILE:/etc/named.keytab";
            arg "krb5_principal DNS/server1.bpk2.com";
            arg "ldap_hostname server1.bpk2.com";

            arg "fake_mname dns.bpk2.com.";
            arg "dyn_update yes";
            arg "connections 2";
    };

zone config:
dn: idnsName=24.168.192.in-addr.arpa.,cn=dns,ou=Daemons,dc=bpk2,dc=com
dnsttl: 3600
idnsallowdynupdate: TRUE
idnsallowquery: any;
idnsallowsyncptr: TRUE
idnsname: 24.168.192.in-addr.arpa.
idnssoaexpire: 604800
idnssoaminimum: 86400
idnssoamname: dns.bpk2.com.
idnssoarefresh: 10800
idnssoaretry: 900
idnssoarname: root.bpk2.com.
idnssoaserial: 1491999811
idnsupdatepolicy: grant dhcp wildcard * any;
idnszoneactive: TRUE
nsrecord: dns.bpk2.com.
objectclass: top
objectclass: idnsZone
objectclass: idnsRecord

any help would be appreciated.

thanks,

brendan
