Re: [Freeipa-users] DNSSEC A, AAAA Records

2016-06-10 Thread Martin Basti



On 10.06.2016 18:14, Günther J. Niederwimmer wrote:

On Friday, 10 June 2016, 18:01:32 CEST, Martin Basti wrote:

On 10.06.2016 17:33, Günther J. Niederwimmer wrote:

On Friday, 10 June 2016, 15:26:39 CEST, Petr Spacek wrote:

On 10.6.2016 14:21, Günther J. Niederwimmer wrote:

Hello,

On Friday, 10 June 2016, 10:12:50 CEST, Martin Basti wrote:

On 10.06.2016 09:09, Günther J. Niederwimmer wrote:

Hello,

can any help me to clear a question for DNSSEC, NSEC3

I have a domain created with bind and DNSSEC and NSEC3 I test this
Domain
and other, not my Domain with

http://dnsviz.net/d/esslmaier.at/dnssec/

This site from Verisign tell me, I have all Secure and also the A, AAAA

Records

FreeIPA 4.3.1 Centos 7.2

I mean with the FreeIPA 4.2 I have A or AAAA Records but one from the
list
tell me 4.3.1 is the better version for DNSSEC ?


But when I test my IPA created domain
http://dnsviz.net/d/4gjn.com/dnssec/

I miss the A, AAAA Records

can this be correct ?

Thanks for a answer

Hello,
do you have configured A and AAAA records in zone apex of '4gjn.com'?

Yes I have configured A AAAA Records, but something is wrong with the
Zone
File ? when I look on my secondary DNS this is a PDNS then I found total
different entry for esslmaier.at and my 4gjn.com.


I can `dig +dnssec ipa.4gjn.com. A`  with DNSSEC results but for `dig
+dnssec 4gjn.com. A` , it looks like there is no A/AAAA records.

Yes I wrote this before but I have no answer, what I can do :-(.


Can you provide output of the `ipa dnsrecord-show 4gjn.com. @` ?

this is all !!!

[root@ipa ~]# ipa dnsrecord-show 4gjn.com. @

Datensatzname: @
MX record: 10 smtp.4gjn.com.
NS record: dns.esslmaier.at., ipa.4gjn.com., ns1.ns71.net.,

ns1.gratisdns.dk.

TXT record: "v=spf1 mx ip4:89.26.108.213 ip4:89.26.108.0/28

ip6:2001:470:6f:

8f1::223

ip6:2001:470:6f:8f1::/64 ?include:gjn.priv.at -all"
   
   ipa dnsrecord-show 4gjn.com. 


ipa: ERROR: : DNS resource record nicht gefunden

Is this a LDAP Problem ?

Apparently you do not have any A/AAAA records defined in IPA. Add some
and
you will see :-)

NO ;-(  I have configured all my server with A and AAAA Records ?

But your server name is not '4gjn.com', but 'ipa.4gjn.com'. The second
one contains A/AAAA records.

4gjn.com AFAIK is your IPA domain, so it should not contain A/AAAA
records by default, unless you manually added them there.

When I make a ipa dnsrecord-show

I miss the RRSIG Record ?

ipa dnsrecord-show
Datensatzname: ipa
Zonenname: 4gjn.com
   Datensatzname: ipa
   A record: 89.26.XXX.6
   AAAA record: 2001:470:6f:XXX::204
   SSHFP record: 1 1 96CEB1FC971F7916A37D7327DEBD97FAE0B19CDE, 3 2
 59ED122BF99D4B149A17B159EF18A277DC0001BE66C14BBDDBF108FB
05763604, 1 2
 537DEA114D6232F6698D3B8B940091AE8AE159146764B073B8B77755
8E8789A0, 3 1
 02614298C6F2CCF1F2F9BF8FA8A3267589E1FE1B

RRSIG records are not stored in LDAP, they are dynamically generated on 
named server for each record, so ipa commands cannot show them, you must use


dig +dnssec @ipaserveraddress ipa.4gjn.com. A

Martin




Speaking of IPA versions, yes, latest IPA 4.3.2 is the best you can get
for
DNSSEC. There is many bugs in older versions.

I have IPA 4.3.1, I mean you tell me this with the Bugs, but I can't found
4.3.2

I have this Repo

group_freeipa-freeipa-4-3-centos-7-epel-7.repo





--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
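
The point made in the reply above (RRSIG records are generated by named and not stored in LDAP, so only `dig +dnssec` shows them) as an added example that is not part of the original thread: a POSIX shell function that classifies `dig +dnssec` output for a host name with a signed A record and for a zone apex that has none. The function names, the `example.test` names, the addresses, the NSEC3 hash labels and the signature strings are all constructed for illustration.

```shell
#!/bin/sh
# Added illustration: classify `dig +dnssec` output read from stdin.
# $1 = owner name (FQDN with trailing dot), $2 = record type (A, AAAA, ...)
classify_dig() {
    awk -v name="$1" -v type="$2" '
        /status:/ { s = $0; sub(/.*status: /, "", s); sub(/,.*/, "", s); status = s }
        /^;; [A-Z]+ SECTION:/ { section = $2; next }
        /^;/ || NF < 5 { next }                       # skip comments and blank lines
        section == "ANSWER" && tolower($1) == tolower(name) {
            if ($4 == type) data = 1                  # the RRset itself
            if ($4 == "RRSIG" && $5 == type) sig = 1  # signature covering that type
        }
        section == "AUTHORITY" && ($4 == "NSEC" || $4 == "NSEC3") { denial = 1 }
        END {
            if (status == "NXDOMAIN") print "nxdomain"
            else if (data && sig)     print "signed"
            else if (data)            print "unsigned"
            else if (denial)          print "nodata-signed"  # name exists, type absent
            else                      print "nodata"
        }'
}

# Constructed sample: a host name that has an A record plus its RRSIG.
sample_host() {
cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;ipa.example.test.   IN A

;; ANSWER SECTION:
ipa.example.test. 1200 IN A 192.0.2.6
ipa.example.test. 1200 IN RRSIG A 8 3 1200 20160710000000 20160610000000 12345 example.test. c2FtcGxl
EOF
}

# Constructed sample: a zone apex with MX/NS/TXT but no A record.
# The answer is empty; the NSEC3 record proves the type does not exist.
sample_apex() {
cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1

;; QUESTION SECTION:
;example.test.   IN A

;; AUTHORITY SECTION:
example.test. 3600 IN SOA ipa.example.test. hostmaster.example.test. 1 3600 900 1209600 3600
example.test. 3600 IN RRSIG SOA 8 2 3600 20160710000000 20160610000000 12345 example.test. c2FtcGxl
constructedhash0001.example.test. 3600 IN NSEC3 1 0 10 AABBCCDD constructedhash0002 NS SOA MX TXT RRSIG DNSKEY NSEC3PARAM
constructedhash0001.example.test. 3600 IN RRSIG NSEC3 8 3 3600 20160710000000 20160610000000 12345 example.test. c2FtcGxl
EOF
}

sample_host | classify_dig ipa.example.test. A   # signed
sample_apex | classify_dig example.test. A       # nodata-signed
```

Against a live server the same function takes the output of the command quoted in the thread, for example `dig +dnssec @ipaserveraddress ipa.4gjn.com. A | classify_dig ipa.4gjn.com. A`.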


Re: [Freeipa-users] DNSSEC A, AAAA Records

2016-06-10 Thread Günther J . Niederwimmer
On Friday, 10 June 2016, 18:01:32 CEST, Martin Basti wrote:
> On 10.06.2016 17:33, Günther J. Niederwimmer wrote:
> > On Friday, 10 June 2016, 15:26:39 CEST, Petr Spacek wrote:
> >> On 10.6.2016 14:21, Günther J. Niederwimmer wrote:
> >>> Hello,
> >>> 
> >>> On Friday, 10 June 2016, 10:12:50 CEST, Martin Basti wrote:
>  On 10.06.2016 09:09, Günther J. Niederwimmer wrote:
> > Hello,
> > 
> > can any help me to clear a question for DNSSEC, NSEC3
> > 
> > I have a domain created with bind and DNSSEC and NSEC3 I test this
> > Domain
> > and other, not my Domain with
> > 
> > http://dnsviz.net/d/esslmaier.at/dnssec/
> > 
> > This site from Verisign tell me, I have all Secure and also the A, AAAA
> > 
> > Records
> > 
> > FreeIPA 4.3.1 Centos 7.2
> >>> 
> >>> I mean with the FreeIPA 4.2 I have A or AAAA Records but one from the
> >>> list
> >>> tell me 4.3.1 is the better version for DNSSEC ?
> >>> 
> > But when I test my IPA created domain
> > http://dnsviz.net/d/4gjn.com/dnssec/
> > 
> > I miss the A, AAAA Records
> > 
> > can this be correct ?
> > 
> > Thanks for a answer
>  
>  Hello,
>  do you have configured A and AAAA records in zone apex of '4gjn.com'?
> >>> 
> >>> Yes I have configured A AAAA Records, but something is wrong with the
> >>> Zone
> >>> File ? when I look on my secondary DNS this is a PDNS then I found total
> >>> different entry for esslmaier.at and my 4gjn.com.
> >>> 
>  I can `dig +dnssec ipa.4gjn.com. A`  with DNSSEC results but for `dig
>  +dnssec 4gjn.com. A` , it looks like there is no A/AAAA records.
> >>> 
> >>> Yes I wrote this before but I have no answer, what I can do :-(.
> >>> 
>  Can you provide output of the `ipa dnsrecord-show 4gjn.com. @` ?
> >>> 
> >>> this is all !!!
> >>> 
> >>> [root@ipa ~]# ipa dnsrecord-show 4gjn.com. @
> >>> 
> >>>Datensatzname: @
> >>>MX record: 10 smtp.4gjn.com.
> >>>NS record: dns.esslmaier.at., ipa.4gjn.com., ns1.ns71.net.,
> >>> 
> >>> ns1.gratisdns.dk.
> >>> 
> >>>TXT record: "v=spf1 mx ip4:89.26.108.213 ip4:89.26.108.0/28
> > 
> > ip6:2001:470:6f:
> >>> 8f1::223
> >>> 
> >>>ip6:2001:470:6f:8f1::/64 ?include:gjn.priv.at -all"
> >>>   
> >>>   ipa dnsrecord-show 4gjn.com. 
> >>> 
> >>> ipa: ERROR: : DNS resource record nicht gefunden
> >>> 
> >>> Is this a LDAP Problem ?
> >> 
> >> Apparently you do not have any A/AAAA records defined in IPA. Add some
> >> and
> >> you will see :-)
> > 
> > NO ;-(  I have configured all my server with A and AAAA Records ?
> 
> But your server name is not '4gjn.com', but 'ipa.4gjn.com'. The second
> one contains A/AAAA records.
> 
> 4gjn.com AFAIK is your IPA domain, so it should not contain A/AAAA
> records by default, unless you manually added them there.
When I make a ipa dnsrecord-show

I miss the RRSIG Record ?

ipa dnsrecord-show
Datensatzname: ipa
Zonenname: 4gjn.com
  Datensatzname: ipa
  A record: 89.26.XXX.6
  AAAA record: 2001:470:6f:XXX::204
  SSHFP record: 1 1 96CEB1FC971F7916A37D7327DEBD97FAE0B19CDE, 3 2
59ED122BF99D4B149A17B159EF18A277DC0001BE66C14BBDDBF108FB 
05763604, 1 2
537DEA114D6232F6698D3B8B940091AE8AE159146764B073B8B77755 
8E8789A0, 3 1
02614298C6F2CCF1F2F9BF8FA8A3267589E1FE1B



> >> Speaking of IPA versions, yes, latest IPA 4.3.2 is the best you can get
> >> for
> >> DNSSEC. There is many bugs in older versions.
> > 
> > I have IPA 4.3.1, I mean you tell me this with the Bugs, but I can't found
> > 4.3.2
> > 
> > I have this Repo
> > 
> > group_freeipa-freeipa-4-3-centos-7-epel-7.repo





Re: [Freeipa-users] DNSSEC A, AAAA Records

2016-06-10 Thread Martin Basti



On 10.06.2016 17:33, Günther J. Niederwimmer wrote:

On Friday, 10 June 2016, 15:26:39 CEST, Petr Spacek wrote:

On 10.6.2016 14:21, Günther J. Niederwimmer wrote:

Hello,

On Friday, 10 June 2016, 10:12:50 CEST, Martin Basti wrote:

On 10.06.2016 09:09, Günther J. Niederwimmer wrote:

Hello,

can any help me to clear a question for DNSSEC, NSEC3

I have a domain created with bind and DNSSEC and NSEC3 I test this
Domain
and other, not my Domain with

http://dnsviz.net/d/esslmaier.at/dnssec/

This site from Verisign tell me, I have all Secure and also the A, AAAA
Records

FreeIPA 4.3.1 Centos 7.2

I mean with the FreeIPA 4.2 I have A or AAAA Records but one from the list
tell me 4.3.1 is the better version for DNSSEC ?


But when I test my IPA created domain
http://dnsviz.net/d/4gjn.com/dnssec/

I miss the A, AAAA Records

can this be correct ?

Thanks for a answer

Hello,
do you have configured A and AAAA records in zone apex of '4gjn.com'?

Yes I have configured A AAAA Records, but something is wrong with the Zone
File ? when I look on my secondary DNS this is a PDNS then I found total
different entry for esslmaier.at and my 4gjn.com.


I can `dig +dnssec ipa.4gjn.com. A`  with DNSSEC results but for `dig
+dnssec 4gjn.com. A` , it looks like there is no A/AAAA records.

Yes I wrote this before but I have no answer, what I can do :-(.


Can you provide output of the `ipa dnsrecord-show 4gjn.com. @` ?

this is all !!!

[root@ipa ~]# ipa dnsrecord-show 4gjn.com. @

   Datensatzname: @
   MX record: 10 smtp.4gjn.com.
   NS record: dns.esslmaier.at., ipa.4gjn.com., ns1.ns71.net.,

ns1.gratisdns.dk.

   TXT record: "v=spf1 mx ip4:89.26.108.213 ip4:89.26.108.0/28

ip6:2001:470:6f:

8f1::223

   ip6:2001:470:6f:8f1::/64 ?include:gjn.priv.at -all"
  
  ipa dnsrecord-show 4gjn.com. 


ipa: ERROR: : DNS resource record nicht gefunden

Is this a LDAP Problem ?

Apparently you do not have any A/AAAA records defined in IPA. Add some and
you will see :-)

NO ;-(  I have configured all my server with A and AAAA Records ?


But your server name is not '4gjn.com', but 'ipa.4gjn.com'. The second
one contains A/AAAA records.


4gjn.com AFAIK is your IPA domain, so it should not contain A/AAAA
records by default, unless you manually added them there.


Martin
  

Speaking of IPA versions, yes, latest IPA 4.3.2 is the best you can get for
DNSSEC. There is many bugs in older versions.

I have IPA 4.3.1, I mean you tell me this with the Bugs, but I can't found
4.3.2

I have this Repo

group_freeipa-freeipa-4-3-centos-7-epel-7.repo




Re: [Freeipa-users] DNSSEC A, AAAA Records

2016-06-10 Thread Günther J . Niederwimmer
On Friday, 10 June 2016, 15:26:39 CEST, Petr Spacek wrote:
> On 10.6.2016 14:21, Günther J. Niederwimmer wrote:
> > Hello,
> > 
> > On Friday, 10 June 2016, 10:12:50 CEST, Martin Basti wrote:
> >> On 10.06.2016 09:09, Günther J. Niederwimmer wrote:
> >>> Hello,
> >>> 
> >>> can any help me to clear a question for DNSSEC, NSEC3
> >>> 
> >>> I have a domain created with bind and DNSSEC and NSEC3 I test this
> >>> Domain
> >>> and other, not my Domain with
> >>> 
> >>> http://dnsviz.net/d/esslmaier.at/dnssec/
> >>> 
> >>> This site from Verisign tell me, I have all Secure and also the A, AAAA
> >>> Records
> >>> 
> >>> FreeIPA 4.3.1 Centos 7.2
> > 
> > I mean with the FreeIPA 4.2 I have A or AAAA Records but one from the list
> > tell me 4.3.1 is the better version for DNSSEC ?
> > 
> >>> But when I test my IPA created domain
> >>> http://dnsviz.net/d/4gjn.com/dnssec/
> >>> 
> >>> I miss the A, AAAA Records
> >>> 
> >>> can this be correct ?
> >>> 
> >>> Thanks for a answer
> >> 
> >> Hello,
> >> do you have configured A and AAAA records in zone apex of '4gjn.com'?
> > 
> > Yes I have configured A AAAA Records, but something is wrong with the Zone
> > File ? when I look on my secondary DNS this is a PDNS then I found total
> > different entry for esslmaier.at and my 4gjn.com.
> > 
> >> I can `dig +dnssec ipa.4gjn.com. A`  with DNSSEC results but for `dig
> >> +dnssec 4gjn.com. A` , it looks like there is no A/AAAA records.
> > 
> > Yes I wrote this before but I have no answer, what I can do :-(.
> > 
> >> Can you provide output of the `ipa dnsrecord-show 4gjn.com. @` ?
> > 
> > this is all !!!
> > 
> > [root@ipa ~]# ipa dnsrecord-show 4gjn.com. @
> > 
> >   Datensatzname: @
> >   MX record: 10 smtp.4gjn.com.
> >   NS record: dns.esslmaier.at., ipa.4gjn.com., ns1.ns71.net.,
> > 
> > ns1.gratisdns.dk.
> > 
> >   TXT record: "v=spf1 mx ip4:89.26.108.213 ip4:89.26.108.0/28 
ip6:2001:470:6f:
> > 8f1::223
> > 
> >   ip6:2001:470:6f:8f1::/64 ?include:gjn.priv.at -all"
> >  
> >  ipa dnsrecord-show 4gjn.com. 
> > 
> > ipa: ERROR: : DNS resource record nicht gefunden
> > 
> > Is this a LDAP Problem ?
> 
> Apparently you do not have any A/AAAA records defined in IPA. Add some and
> you will see :-)

NO ;-(  I have configured all my server with A and AAAA Records ?
 
> Speaking of IPA versions, yes, latest IPA 4.3.2 is the best you can get for
> DNSSEC. There is many bugs in older versions.
I have IPA 4.3.1, I mean you tell me this with the Bugs, but I can't found 
4.3.2

I have this Repo

group_freeipa-freeipa-4-3-centos-7-epel-7.repo
-- 
mit freundlichen Grüßen / best regards,

  Günther J. Niederwimmer



Re: [Freeipa-users] DNSSEC A, AAAA Records

2016-06-10 Thread Petr Spacek
On 10.6.2016 14:21, Günther J. Niederwimmer wrote:
> Hello,
> 
> On Friday, 10 June 2016, 10:12:50 CEST, Martin Basti wrote:
>> On 10.06.2016 09:09, Günther J. Niederwimmer wrote:
>>> Hello,
>>>
>>> can any help me to clear a question for DNSSEC, NSEC3
>>>
>>> I have a domain created with bind and DNSSEC and NSEC3 I test this Domain
>>> and other, not my Domain with
>>>
>>> http://dnsviz.net/d/esslmaier.at/dnssec/
>>>
>>> This site from Verisign tell me, I have all Secure and also the A, AAAA
>>> Records
>>>
>>> FreeIPA 4.3.1 Centos 7.2
> 
> I mean with the FreeIPA 4.2 I have A or AAAA Records but one from the list
> tell me 4.3.1 is the better version for DNSSEC ? 
>  
>>> But when I test my IPA created domain
>>> http://dnsviz.net/d/4gjn.com/dnssec/
>>>
>>> I miss the A, AAAA Records
>>>
>>> can this be correct ?
>>>
>>> Thanks for a answer
>>
>> Hello,
>> do you have configured A and AAAA records in zone apex of '4gjn.com'?
> 
> Yes I have configured A AAAA Records, but something is wrong with the Zone
> File 
> ? when I look on my secondary DNS this is a PDNS then I found total different 
> entry for esslmaier.at and my 4gjn.com.
> 
>  
>> I can `dig +dnssec ipa.4gjn.com. A`  with DNSSEC results but for `dig
>> +dnssec 4gjn.com. A` , it looks like there is no A/AAAA records.
> Yes I wrote this before but I have no answer, what I can do :-(.
>  
>> Can you provide output of the `ipa dnsrecord-show 4gjn.com. @` ?
> 
> this is all !!!
> 
> [root@ipa ~]# ipa dnsrecord-show 4gjn.com. @
>   Datensatzname: @
>   MX record: 10 smtp.4gjn.com.
>   NS record: dns.esslmaier.at., ipa.4gjn.com., ns1.ns71.net., 
> ns1.gratisdns.dk.
>   TXT record: "v=spf1 mx ip4:89.26.108.213 ip4:89.26.108.0/28 ip6:2001:470:6f:
> 8f1::223
>   ip6:2001:470:6f:8f1::/64 ?include:gjn.priv.at -all"
> 
>  ipa dnsrecord-show 4gjn.com. 
> ipa: ERROR: : DNS resource record nicht gefunden
> 
> Is this a LDAP Problem ?

Apparently you do not have any A/AAAA records defined in IPA. Add some and you
will see :-)

Speaking of IPA versions, yes, latest IPA 4.3.2 is the best you can get for
DNSSEC. There is many bugs in older versions.

-- 
Petr^2 Spacek



Re: [Freeipa-users] DNSSEC A, AAAA Records

2016-06-10 Thread Günther J . Niederwimmer
Hello,

On Friday, 10 June 2016, 10:12:50 CEST, Martin Basti wrote:
> On 10.06.2016 09:09, Günther J. Niederwimmer wrote:
> > Hello,
> > 
> > can any help me to clear a question for DNSSEC, NSEC3
> > 
> > I have a domain created with bind and DNSSEC and NSEC3 I test this Domain
> > and other, not my Domain with
> > 
> > http://dnsviz.net/d/esslmaier.at/dnssec/
> > 
> > This site from Verisign tell me, I have all Secure and also the A, AAAA
> > Records
> > 
> > FreeIPA 4.3.1 Centos 7.2

I mean with the FreeIPA 4.2 I have A or AAAA Records but one from the list
tell me 4.3.1 is the better version for DNSSEC ? 
 
> > But when I test my IPA created domain
> > http://dnsviz.net/d/4gjn.com/dnssec/
> > 
> > I miss the A, AAAA Records
> > 
> > can this be correct ?
> > 
> > Thanks for a answer
> 
> Hello,
> do you have configured A and AAAA records in zone apex of '4gjn.com'?

Yes I have configured A AAAA Records, but something is wrong with the Zone File
? when I look on my secondary DNS this is a PDNS then I found total different 
entry for esslmaier.at and my 4gjn.com.

 
> I can `dig +dnssec ipa.4gjn.com. A`  with DNSSEC results but for `dig
> +dnssec 4gjn.com. A` , it looks like there is no A/AAAA records.
Yes I wrote this before but I have no answer, what I can do :-(.
 
> Can you provide output of the `ipa dnsrecord-show 4gjn.com. @` ?

this is all !!!

[root@ipa ~]# ipa dnsrecord-show 4gjn.com. @
  Datensatzname: @
  MX record: 10 smtp.4gjn.com.
  NS record: dns.esslmaier.at., ipa.4gjn.com., ns1.ns71.net., 
ns1.gratisdns.dk.
  TXT record: "v=spf1 mx ip4:89.26.108.213 ip4:89.26.108.0/28 ip6:2001:470:6f:
8f1::223
  ip6:2001:470:6f:8f1::/64 ?include:gjn.priv.at -all"

 ipa dnsrecord-show 4gjn.com. 
ipa: ERROR: : DNS resource record nicht gefunden

Is this a LDAP Problem ?

-- 
mit freundlichen Grüßen / best regards,

  Günther J. Niederwimmer



Re: [Freeipa-users] DNSSEC A, AAAA Records

2016-06-10 Thread Martin Basti



On 10.06.2016 10:12, Martin Basti wrote:



On 10.06.2016 09:09, Günther J. Niederwimmer wrote:

Hello,

can any help me to clear a question for DNSSEC, NSEC3

I have a domain created with bind and DNSSEC and NSEC3 I test this 
Domain and

other, not my Domain with

http://dnsviz.net/d/esslmaier.at/dnssec/

This site from Verisign tell me, I have all Secure and also the A, AAAA
Records

FreeIPA 4.3.1 Centos 7.2

But when I test my IPA created domain
http://dnsviz.net/d/4gjn.com/dnssec/

I miss the A, AAAA Records

can this be correct ?

Thanks for a answer


Hello,
do you have configured A and AAAA records in zone apex of '4gjn.com'?

I can `dig +dnssec ipa.4gjn.com. A`  with DNSSEC results but for `dig 
+dnssec 4gjn.com. A` , it looks like there is no A/AAAA records.


Can you provide output of the `ipa dnsrecord-show 4gjn.com. @` ?

Martin



http://dnsviz.net/d/ipa.4gjn.com/dnssec/

Visualized here, thank you for page I didn't know about it before, I 
like it :) .


Martin



Re: [Freeipa-users] DNSSEC A, AAAA Records

2016-06-10 Thread Martin Basti



On 10.06.2016 09:09, Günther J. Niederwimmer wrote:

Hello,

can any help me to clear a question for DNSSEC, NSEC3

I have a domain created with bind and DNSSEC and NSEC3 I test this Domain and
other, not my Domain with

http://dnsviz.net/d/esslmaier.at/dnssec/

This site from Verisign tell me, I have all Secure and also the A, AAAA
Records

FreeIPA 4.3.1 Centos 7.2

But when I test my IPA created domain
http://dnsviz.net/d/4gjn.com/dnssec/

I miss the A, AAAA Records

can this be correct ?

Thanks for a answer


Hello,
do you have configured A and AAAA records in zone apex of '4gjn.com'?

I can `dig +dnssec ipa.4gjn.com. A`  with DNSSEC results but for `dig 
+dnssec 4gjn.com. A` , it looks like there is no A/AAAA records.


Can you provide output of the `ipa dnsrecord-show 4gjn.com. @` ?

Martin
