I am seeing inconsistent results configuring a DNS forward zone.

At a bash prompt, as root, after kinit admin, I do:
ipa dnsforwardzone-add domain.internal  --forwarder= ww.xx.yy.zz 

That works fine and does not warn about DNSSEC.

In a Java webapp running as root under a Jetty, I run a shell sub-process and 
issue the kinit and the same ipa statement.
_Sometimes_, I get
ipa: WARNING: DNSSEC validation failed: record 'domain.internal. SOA' failed 
DNSSEC validation on server ww.xx.yy.zz.
Please verify your DNSSEC configuration or disable DNSSEC validation on all IPA 

I modified the /etc/named.conf file to say:
                dnssec-enable no;
      dnssec-validation no;

and systemctl restart ipa

Any clue why the results are different?

ipa –version: VERSION: 4.4.0, API_VERSION: 2.213
Linux … 3.10.0-514.10.2.el7.x86_64 #1 SMP Fri Mar 3 00:04:05 UTC 2017 x86_64 
x86_64 x86_64 GNU/Linux

Thanks for any insight!


Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to