Re: [Freeipa-users] IPA and DNS reverse subnets
On 30/01/17 19:32, Tomasz Torcz wrote:
> On Mon, Jan 30, 2017 at 07:12:10PM +, lejeczek wrote:
> > On 30/01/17 18:28, Tomasz Torcz wrote:
> > > On Mon, Jan 30, 2017 at 06:01:03PM +, lejeczek wrote:
> > > > hi everybody
> > > >
> > > > I'm having trouble trying to figure out, or in other words make this to
> > > > work:
> > > >
> > > > I'm setting up a domain in a subnet like this: 10.5.10.48/28 but not sure
> > > > if I got it right.
> > > > Host reverse resolving does not seem to be right. I have:
> > > >
> > > > Zone name: 28/48.10.5.10.in-addr.arpa. <= this here is like non-usual, I
> > > > understand it's how such a reverse subnet should be defined, but not 100%
> > > > sure.
> > >
> > > Here you got it wrong. IPv4 reverses are split at octet boundary, you
> > > cannot have greater granularity. And for sure you cannot mix CIDR
> > > addressing (/28) and netblock type. On top of that, “/” is not correct
> > > character in DNS.
> >
> > how about this - http://www.zytrax.com/books/dns/ch9/reverse.html - would
> > this not work?
>
> Wow. This is first time in my life I see this notation.
> Nevertheless, I was wrong with my previous email. Having read your
> link, I found
> http://www.freeipa.org/page/Howto/DNS_classless_IN-ADDR.ARPA_delegation
>
> Is this helpful?

meanwhile I had it working partially, delegation to subnets works but not everything.
More tampering to do, I'll post more findings later, hopefully.
thanks.

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] IPA and DNS reverse subnets
On Mon, Jan 30, 2017 at 07:12:10PM +, lejeczek wrote:
> On 30/01/17 18:28, Tomasz Torcz wrote:
> > On Mon, Jan 30, 2017 at 06:01:03PM +, lejeczek wrote:
> > > hi everybody
> > >
> > > I'm having trouble trying to figure out, or in other words make this to
> > > work:
> > >
> > > I'm setting up a domain in a subnet like this: 10.5.10.48/28 but not sure
> > > if I got it right.
> > > Host reverse resolving does not seem to be right. I have:
> > >
> > > Zone name: 28/48.10.5.10.in-addr.arpa. <= this here is like non-usual, I
> > > understand it's how such a reverse subnet should be defined, but not 100%
> > > sure.
> >
> > Here you got it wrong. IPv4 reverses are split at octet boundary, you
> > cannot have greater granularity. And for sure you cannot mix CIDR
> > addressing (/28) and netblock type. On top of that, “/” is not correct
> > character in DNS.
>
> how about this - http://www.zytrax.com/books/dns/ch9/reverse.html - would
> this not work?

Wow. This is first time in my life I see this notation.
Nevertheless, I was wrong with my previous email. Having read your
link, I found
http://www.freeipa.org/page/Howto/DNS_classless_IN-ADDR.ARPA_delegation

Is this helpful?

--
Tomasz Torcz
xmpp: zdzich...@chrome.pl
,,If you try to upissue this patchset I shall be seeking an IP-routable hand grenade.'' -- Andrew Morton (LKML)
Re: [Freeipa-users] IPA and DNS reverse subnets
On 30/01/17 18:28, Tomasz Torcz wrote:
> On Mon, Jan 30, 2017 at 06:01:03PM +, lejeczek wrote:
> > hi everybody
> >
> > I'm having trouble trying to figure out, or in other words make this to
> > work:
> >
> > I'm setting up a domain in a subnet like this: 10.5.10.48/28 but not sure
> > if I got it right.
> > Host reverse resolving does not seem to be right. I have:
> >
> > Zone name: 28/48.10.5.10.in-addr.arpa. <= this here is like non-usual, I
> > understand it's how such a reverse subnet should be defined, but not 100%
> > sure.
>
> Here you got it wrong. IPv4 reverses are split at octet boundary, you
> cannot have greater granularity. And for sure you cannot mix CIDR
> addressing (/28) and netblock type. On top of that, “/” is not correct
> character in DNS.

how about this - http://www.zytrax.com/books/dns/ch9/reverse.html - would this not work?

> Your reverse zone is 10.5.10.in-addr.arpa.
> (IPv6 reverses are split at nibble boundary, FWIW).
Re: [Freeipa-users] IPA and DNS reverse subnets
On Mon, Jan 30, 2017 at 06:01:03PM +, lejeczek wrote:
> hi everybody
>
> I'm having trouble trying to figure out, or in other words make this to
> work:
>
> I'm setting up a domain in a subnet like this: 10.5.10.48/28 but not sure if
> I got it right.
> Host reverse resolving does not seem to be right. I have:
>
> Zone name: 28/48.10.5.10.in-addr.arpa. <= this here is like non-usual, I
> understand it's how such a reverse subnet should be defined, but not 100%
> sure.

Here you got it wrong. IPv4 reverses are split at octet boundary, you
cannot have greater granularity. And for sure you cannot mix CIDR addressing (/28)
and netblock type. On top of that, “/” is not correct character in DNS.

Your reverse zone is 10.5.10.in-addr.arpa.
(IPv6 reverses are split at nibble boundary, FWIW).

--
Tomasz Torcz
xmpp: zdzich...@chrome.pl
,,If you try to upissue this patchset I shall be seeking an IP-routable hand grenade.'' -- Andrew Morton (LKML)
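Added example, not part of the original thread or of FreeIPA: a Python sketch of why the PTR lookup for 10.5.10.55 never reaches the zone named in the post, and of the per-address CNAME records that classless (RFC 2317 style) delegation places in the octet-aligned parent zone. The function names are hypothetical; the subnet, address and zone name are the ones quoted in the post.

```python
import ipaddress

def ptr_name(addr):
    """Owner name a resolver queries for the PTR record of an IPv4 address."""
    return ipaddress.ip_address(str(addr)).reverse_pointer + "."

def octet_zone(cidr):
    """Smallest octet-aligned in-addr.arpa zone that contains the subnet."""
    net = ipaddress.ip_network(cidr)
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(octets[::-1] + ["in-addr", "arpa"]) + "."

def in_zone(name, zone):
    """True if name is at or below the zone apex, compared label by label."""
    n = name.lower().rstrip(".").split(".")
    z = zone.lower().rstrip(".").split(".")
    return len(n) >= len(z) and n[-len(z):] == z

def classless_cnames(cidr, child_zone):
    """Records for the parent /24 zone: one CNAME per host address,
    pointing at the name inside child_zone that holds the real PTR."""
    net = ipaddress.ip_network(cidr)
    if net.prefixlen <= 24:
        raise ValueError("classless delegation is for subnets smaller than /24")
    return [
        (ptr_name(ip), "CNAME", f"{str(ip).rsplit('.', 1)[1]}.{child_zone}")
        for ip in net.hosts()
    ]

if __name__ == "__main__":
    subnet = "10.5.10.48/28"                 # subnet from the post
    child = "28/48.10.5.10.in-addr.arpa."    # zone name as configured in the post
    query = ptr_name("10.5.10.55")
    parent = octet_zone(subnet)
    print("query name          :", query)
    print("inside", child, ":", in_zone(query, child))    # sibling label, not a child
    print("inside", parent, ":", in_zone(query, parent))
    # Without these CNAMEs in the parent zone the query above ends in NXDOMAIN.
    for owner, rtype, target in classless_cnames(subnet, child):
        print(f"{owner:28} {rtype} {target}")
```
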
[Freeipa-users] IPA and DNS reverse subnets
hi everybody

I'm having trouble trying to figure out, or in other words make this to work:

I'm setting up a domain in a subnet like this: 10.5.10.48/28 but not sure if I got it right.
Host reverse resolving does not seem to be right. I have:

  Zone name: whale.private.
  Active zone: TRUE
  Authoritative nameserver: work1.whale.private.
  Administrator e-mail address: hostmaster.whale.private.
  SOA serial: 1485797688
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  Allow query: any;
  Allow transfer: none;

  Zone name: 28/48.10.5.10.in-addr.arpa. <= this here is like non-usual, I understand it's how such a reverse subnet should be defined, but not 100% sure.
  Active zone: TRUE
  Authoritative nameserver: work1.whale.private.
  Administrator e-mail address: hostmaster
  SOA serial: 1485790340
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  Allow query: any;
  Allow transfer: none;

but:

  ~]$ host 10.5.10.55
  Host 55.10.5.10.in-addr.arpa. not found: 3(NXDOMAIN)

and when I try to install a replica:

  ~]$ ipa-replica-install --setup-dns --no-forwarders --setup-ca
  Password for admin@WHALE.PRIVATE:
  ipa : ERROR Reverse DNS resolution of address 10.5.10.55 (work1.whale.private) failed. Clients may not function properly. Please check your DNS setup. (Note that this check queries IPA DNS directly and ignores /etc/hosts.)

I understand it's all in DNS, so.. how to tweak it, to fix it?

many thanks,
L.