Re: [Freeipa-users] named and IpA
On Thu, Oct 02, 2014 at 05:05:10PM +, Licause, Al (CSC AMS BCS - UNIX/Linux Network Support) wrote:

> From the IdM server we can only look up local records. The name resolver will not attempt to look to any other name servers or domains defined in /etc/resolv.conf

What exactly is in your /etc/resolv.conf? Just the IP address of the IPA server (localhost), or some other records?

> If I shutdown IdM using ipactl stop and then restart named, the name resolver works for local and remote hosts, addresses and domains as well as serving up the SRV records defined on the local host.

So if all IdM services are running, you do not seem to have named observing forwarders settings, but if you only run named on the IdM machine and nothing else, it starts to observe them?

Can you show dig output for one of the problematic records to see which DNS server is answering the query?

-- 
Jan Pazdziora
Principal Software Engineer, Identity Management Engineering, Red Hat

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] named and IpA
On 2.10.2014 19:05, Licause, Al (CSC AMS BCS - UNIX/Linux Network Support) wrote:

> We have IdM running on a RHEL V7 system and have configured a local DNS server in our test lab. We have loaded the various SRV and TXT records needed by the IdM server.
>
> PROBLEM: From the IdM server we can only look up local records. The name resolver will not attempt to look to any other name servers or domains defined in /etc/resolv.conf
>
> If I shutdown IdM using ipactl stop and then restart named, the name resolver works for local and remote hosts, addresses and domains as well as serving up the SRV records defined on the local host.
>
> Am I correct in assuming that while IdM is up and running, the only other systems it will communicate with, at least with regard to name services, is another host also running IdM defined either as a server or a client?
>
> If this is the case, is there any way to better integrate some of these common services such as named into an existing network such that you are not limited by the IdM components?

I would like to get additional information about your environment:

- Is the IPA server installed with DNS or not? Did you use the option --setup-dns during ipa-server-install?
- Which DNS zones do you have defined on the IPA server? You can use the command ipa dnszone-find to list all zones.
- Are there any other DNS servers serving the same DNS zones?
- Did you configure forwarders in /etc/named.conf or via the ipa command line tools (ipa dnsconfig-mod or the --forwarder option during ipa-server-install)?
- Please attach the result of DNS lookups using the dig command: one output when it doesn't work (i.e. with IPA running) and the other when it works as you expect (i.e. after ipactl stop and service named restart).

Thank you.

-- 
Petr^2 Spacek
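Both Jan and Petr ask for the same thing: the dig output from the failing run (IPA up) and from the working run (ipactl stop, named restarted), so that the ";; SERVER:" and "status:" lines show which resolver answered and whether anything was forwarded. The script below is an added example, not code from the thread or from FreeIPA. It parses two constructed dig transcripts (host name, addresses and DiG version are assumptions), reports server/status/answer count for each, extracts the forwarders from a constructed named.conf fragment, and prints a hint about where to look next. Forwarders set with ipa dnsconfig-mod are stored in LDAP rather than in named.conf, so for an IPA-managed named the named.conf check must be paired with ipa dnsconfig-show.

```shell
#!/bin/sh
# Added example (not from the thread or the FreeIPA project): summarise the
# two dig transcripts Jan and Petr asked for, and read forwarders out of
# named.conf. Every transcript and the named.conf fragment below is a
# CONSTRUCTED sample; www.example.org, the addresses and versions are assumed.

# Constructed: lookup with all IPA services running. The local named answers
# with NXDOMAIN and zero answer records, i.e. nothing was forwarded upstream.
DIG_IPA_RUNNING='; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.example.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 12345
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.example.org.        IN    A

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Oct 02 17:05:10 UTC 2014
;; MSG SIZE  rcvd: 44'

# Constructed: the same lookup after "ipactl stop; service named restart".
DIG_NAMED_ONLY='; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.example.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12346
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.example.org.        IN    A

;; ANSWER SECTION:
www.example.org.    3600    IN    A    192.0.2.10

;; Query time: 12 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Oct 02 17:06:02 UTC 2014
;; MSG SIZE  rcvd: 60'

# Constructed /etc/named.conf fragment; the forwarder addresses are assumed.
NAMED_CONF='options {
    directory "/var/named";
    forwarders { 10.0.0.2; 10.0.0.3; };
    forward first;
};'

# dig_summary TRANSCRIPT -> "<server> <status> <answer-count>"
# Reads the ->>HEADER<<- status, the ANSWER: count from the flags line and
# the ;; SERVER: line, which is the resolver that actually replied.
dig_summary() {
    printf '%s\n' "$1" | awk '
        /->>HEADER<<-/ { sub(/,$/, "", $6); status = $6 }
        /^;; flags:/   { for (i = 1; i <= NF; i++)
                             if ($i == "ANSWER:") { sub(/,$/, "", $(i+1)); answers = $(i+1) } }
        /^;; SERVER:/  { server = $3 }
        END { print server, status, answers }'
}

# dig_resolved TRANSCRIPT -> exit 0 only for NOERROR with at least one answer RR.
dig_resolved() {
    set -- $(dig_summary "$1")
    [ "$2" = "NOERROR" ] && [ "${3:-0}" -gt 0 ]
}

# named_forwarders NAMED_CONF_TEXT -> space-separated forwarder addresses.
# Only covers named.conf; forwarders set via "ipa dnsconfig-mod" live in
# LDAP and are listed by "ipa dnsconfig-show" instead.
named_forwarders() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*forwarders[[:space:]]*\{/ {
            sub(/.*\{/, ""); sub(/\}.*/, "")
            n = split($0, a, ";")
            for (i = 1; i <= n; i++) {
                gsub(/[[:space:]]/, "", a[i])
                if (a[i] != "") out = out (out == "" ? "" : " ") a[i]
            }
        }
        END { print out }'
}

# diagnose FAILING_TRANSCRIPT WORKING_TRANSCRIPT -> one-line hint.
diagnose() {
    fail=$(dig_summary "$1"); ok=$(dig_summary "$2")
    set -- $fail; fs=$1; fst=$2
    set -- $ok;   os=$1; ost=$2
    if [ "$fs" = "$os" ]; then
        echo "same server $fs answered both runs ($fst vs $ost): check the forwarder configuration of that named (named.conf and ipa dnsconfig-show)"
    else
        echo "different servers answered: $fs ($fst) vs $os ($ost): check /etc/resolv.conf on the IdM host"
    fi
}

echo "IPA running: $(dig_summary "$DIG_IPA_RUNNING")"
echo "named only : $(dig_summary "$DIG_NAMED_ONLY")"
echo "named.conf forwarders: $(named_forwarders "$NAMED_CONF")"
if dig_resolved "$DIG_IPA_RUNNING"; then echo "resolved with IPA up"; else echo "NOT resolved with IPA up"; fi
diagnose "$DIG_IPA_RUNNING" "$DIG_NAMED_ONLY"
```

To apply it to a real host, replace the two constructed transcripts with the captured output of `dig www.example.org` before and after `ipactl stop; service named restart`, and feed `/etc/named.conf` to named_forwarders. If the same 127.0.0.1 resolver answers in both runs, the difference is in how named was started and which forwarder settings it picked up, which is the question both replies are driving at.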
Re: [Freeipa-users] named and IpA
On 10/02/2014 01:05 PM, Licause, Al (CSC AMS BCS - UNIX/Linux Network Support) wrote:

> We have IdM running on a RHEL V7 system and have configured a local DNS server in our test lab. We have loaded the various SRV and TXT records needed by the IdM server.
>
> PROBLEM: From the IdM server we can only look up local records. The name resolver will not attempt to look to any other name servers or domains defined in /etc/resolv.conf
>
> If I shutdown IdM using ipactl stop and then restart named, the name resolver works for local and remote hosts, addresses and domains as well as serving up the SRV records defined on the local host.
>
> Am I correct in assuming that while IdM is up and running, the only other systems it will communicate with, at least with regard to name services, is another host also running IdM defined either as a server or a client?
>
> If this is the case, is there any way to better integrate some of these common services such as named into an existing network such that you are not limited by the IdM components?
>
> Al Licause

If DNS is running on IdM, the DNS lookups might be forwarded to different DNS servers depending on your DNS configuration. Based on what you describe it seems that there is some sort of DNS misconfiguration. I would leave it to the gurus to help you with that.

-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.