I am seeing inconsistent results configuring a DNS forward zone.
At a bash prompt, as root, after kinit admin, I do:
ipa dnsforwardzone-add domain.internal --forwarder= ww.xx.yy.zz
--forward-policy=only
That works fine and does not warn about DNSSEC.
In a Java webapp running as root under a Jetty, I run a shell sub-process and
issue the kinit and the same ipa statement.
_Sometimes_, I get
ipa: WARNING: DNSSEC validation failed: record 'domain.internal. SOA' failed
DNSSEC validation on server ww.xx.yy.zz.
Please verify your DNSSEC configuration or disable DNSSEC validation on all IPA
servers.
I modified the /etc/named.conf file to say:
dnssec-enable no;
dnssec-validation no;
and systemctl restart ipa
Any clue why the results are different?
ipa –version: VERSION: 4.4.0, API_VERSION: 2.213
Linux … 3.10.0-514.10.2.el7.x86_64 #1 SMP Fri Mar 3 00:04:05 UTC 2017 x86_64
x86_64 x86_64 GNU/Linux
Thanks for any insight!
Regards,
Dan
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
