I am seeing inconsistent results configuring a DNS forward zone.

At a bash prompt, as root, after kinit admin, I do:
ipa dnsforwardzone-add domain.internal  --forwarder= ww.xx.yy.zz 
--forward-policy=only

That works fine and does not warn about DNSSEC.

In a Java webapp running as root under a Jetty, I run a shell sub-process and 
issue the kinit and the same ipa statement.
_Sometimes_, I get
ipa: WARNING: DNSSEC validation failed: record 'domain.internal. SOA' failed 
DNSSEC validation on server ww.xx.yy.zz.
Please verify your DNSSEC configuration or disable DNSSEC validation on all IPA 
servers.

I modified the /etc/named.conf file to say:
                dnssec-enable no;
      dnssec-validation no;

and systemctl restart ipa

Any clue why the results are different?

ipa –version: VERSION: 4.4.0, API_VERSION: 2.213
Linux … 3.10.0-514.10.2.el7.x86_64 #1 SMP Fri Mar 3 00:04:05 UTC 2017 x86_64 
x86_64 x86_64 GNU/Linux

Thanks for any insight!

Regards,
Dan

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to