Hello
My IPA servers, and especially the named process, are unstable.
I think there's some wrong configuration because DNS search fails from each IPA server in the domain.
Could you please tell me if something is wrong and can we modify the records and solve the unstability?
Thank you in advance
dms
[<my user>@<my ipa server>: ~]$ dig @<my ipa server>.<my ipa domain> +nssearch <my ipa domain>
=> Nothing
=> Nothing
---------------------------------
[<my user>@<my ipa server>: ~]$ dig @<my ipa server>.<my ipa domain> <my ipa server>.<my ipa domain>
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6 <<>> @<my ipa server>.<my ipa domain> <my ipa server>.<my ipa domain>
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 22295
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 22295
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;<my ipa server>.<my ipa domain>. IN A
;<my ipa server>.<my ipa domain>. IN A
;; Query time: 7 msec
;; SERVER: <my IP server>#53(<my IP server>)
;; WHEN: Fri Nov 24 10:22:51 2017
;; MSG SIZE rcvd: 48
;; SERVER: <my IP server>#53(<my IP server>)
;; WHEN: Fri Nov 24 10:22:51 2017
;; MSG SIZE rcvd: 48
---------------------------------
[<my user>@<my ipa server>: ~]$ dig @<my ipa server>.<my ipa domain> NS <my ipa domain>
[<my user>@<my ipa server>: ~]$ dig @<my ipa server>.<my ipa domain> NS <my ipa domain>
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6 <<>> @<my ipa server>.<my ipa domain> NS <my ipa domain>
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 38575
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 38575
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;<my ipa domain>. IN NS
;<my ipa domain>. IN NS
;; Query time: 0 msec
;; SERVER: <my IP server>#53(<my IP server>)
;; WHEN: Fri Nov 24 10:25:36 2017
;; MSG SIZE rcvd: 37
;; SERVER: <my IP server>#53(<my IP server>)
;; WHEN: Fri Nov 24 10:25:36 2017
;; MSG SIZE rcvd: 37
---------------------------------
[<my user>@<my ipa server>: ~]$ ipa dnsrecord-show <my ipa domain> <my ipa server>
Nom d'enregistrement: <my ipa server>
enregistrement A: <my IP server>
enregistrement SSHFP: 1 1 82567874826A93BE0CF8F91443A9527D9D9E8A1E, 2 1 40153E83B62660F95CF979E750BD9B8184061D5E
Nom d'enregistrement: <my ipa server>
enregistrement A: <my IP server>
enregistrement SSHFP: 1 1 82567874826A93BE0CF8F91443A9527D9D9E8A1E, 2 1 40153E83B62660F95CF979E750BD9B8184061D5E
---------------------------------
[<my user>@<my ipa server>: ~]$ ipa dnszone-show <my ipa domain> --all
dn: idnsname=<my ipa domain>,cn=dns,dc=XXXXXX,dc=YYYYYYYYY,dc=ZZ
Nom de zone: <my ipa domain>
Serveur de nom faisant autorité: <server 1>.<my ipa domain>.
Adresse courriel de l'administrateur: hostmaster.<my ipa domain>.
Numéro de série SOA: 1508154343
Actualisation SOA: 3600
ré-essai SOA: 900
Expiration SOA: 1209600
Minimum SOA: 3600
Politique de mise à jour BIND: grant XXXXXX.YYYYYYYYY.ZZ krb5-self * A; grant XXXXXX.YYYYYYYYY.ZZ krb5-self * AAAA; grant XXXXXX.YYYYYYYYY.ZZ krb5-self * SSHFP;
Zone active: TRUE
Mise à jour dynamique: TRUE
Autoriser requête: any;
Autoriser le transfert: none;
nsrecord: <server 1>.<my ipa domain>., <server 2>.<my ipa domain>., <server 3>.<my ipa domain>., <my ipa server>.<my ipa domain>., <server 4>.<my ipa domain>.,
...etc
...etc
objectclass: top, idnsrecord, idnszone
[<my user>@<my ipa server>: ~]$ ipa dnszone-show <my ipa domain> --all
dn: idnsname=<my ipa domain>,cn=dns,dc=XXXXXX,dc=YYYYYYYYY,dc=ZZ
Nom de zone: <my ipa domain>
Serveur de nom faisant autorité: <server 1>.<my ipa domain>.
Adresse courriel de l'administrateur: hostmaster.<my ipa domain>.
Numéro de série SOA: 1508154343
Actualisation SOA: 3600
ré-essai SOA: 900
Expiration SOA: 1209600
Minimum SOA: 3600
Politique de mise à jour BIND: grant XXXXXX.YYYYYYYYY.ZZ krb5-self * A; grant XXXXXX.YYYYYYYYY.ZZ krb5-self * AAAA; grant XXXXXX.YYYYYYYYY.ZZ krb5-self * SSHFP;
Zone active: TRUE
Mise à jour dynamique: TRUE
Autoriser requête: any;
Autoriser le transfert: none;
nsrecord: <server 1>.<my ipa domain>., <server 2>.<my ipa domain>., <server 3>.<my ipa domain>., <my ipa server>.<my ipa domain>., <server 4>.<my ipa domain>.,
...etc
...etc
objectclass: top, idnsrecord, idnszone
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
