Ok,
Found the issue. I believe it is a Fedora (25) issue, but not sure
yet. So, registering here for the archives.
My IPA is on a FC25 on a LXC container (2.0.6) on a Jessie host.
The IPA container ethernet is on a private bridge (not attached to any
real one).
The FC container was
On 16/01/2017 16:37, Raul Dias wrote:
Did some testing.
From the windows server, did a port scanner on the IPA server (tcp +
udp), no blocking between. (tested open).
The IPA has DNSSEC on, but that is for the zones only, right? There is
no indication of DNSSEC in the datagrams.
You can
Did some testing.
From the windows server, did a port scanner on the IPA server (tcp +
udp), no blocking between. (tested open).
The IPA has DNSSEC on, but that is for the zones only, right? There is
no indication of DNSSEC in the datagrams.
The wireshark in the windows server:
A - The
On 16/01/2017 00:52, Raul Dias wrote:
The packets are getting back That has being stablished already.
With Wireshark at the 2008R2 end?
I am looking for possible reasons it would disregard the answer, but
accept when using a non-freeipa bind9 one.
Look at wireshark detail on both sets of
On 15/01/2017 19:15, Brian Candler wrote:
On FreeIPA host: tcpdump -i eth0 -nnv -s0 port 53 and host x.x.x.x
where x.x.x.x is IP address of the 2008R2 server, and assuming eth0 is
the NIC.
See if any DNS queries arrive at the FreeIPA server. If no: then the
problem is with the 2008R2
On 14/01/2017 20:01, Raul Dias wrote:
I am migrating a network to FreeIPA. LDAP, NFS, no Active Directory.
A Windows Server 2008 R2, cannot use FreeIPAs bind to resolve DNS query.
This server works fine with my old bind server, google's dns server
(8.8.8.8), but not FreeIPA's.
Using
On 14/01/2017 22:08, Fil Di Noto wrote:
Sounds more like a client problem (firewall, hosts file, network
settings/routes)
Unfortunally not that I have found.
Other clients are able to resolve against the IPA server?
yes.
You are seeing the response come back on a packet capture taken from
Sounds more like a client problem (firewall, hosts file, network
settings/routes)
Other clients are able to resolve against the IPA server? You are seeing
the response come back on a packet capture taken from the windows server?
If yes to both of those, maybe the windows server thinks the IPA