Re: [Freeipa-users] SRV (mixed?) records
On 10.11.2016 12:08, lejeczek wrote:
> On 10/11/16 10:44, Petr Spacek wrote:
>> This is a non-standard situation so it asks for non-standard commands.
>>
>> I would try:
>> $ ipa privilege-mod 'DNS Servers' --addattr='member=krbprincipalname=DNS/rider..xx.xx..xx.x...@.xx.xx..xx.xx.x,cn=services,cn=xxcounts,dc=,dc=xx,dc=xx,dc=,dc=xx,dc=xx,dc=x'
>>
>> $ ipa privilege-mod 'DNS Servers' --addattr='member=krbprincipalname=ipa-dnskeysyncd/rider..xx.xx..xx.x...@.xx.xx..xx.xx.x,cn=services,cn=xxcounts,dc=,dc=xx,dc=xx,dc=,dc=xx,dc=xx,dc=x'
>>
>> Be very careful when constructing these DNs, --addattr does not validate the input!
>
> well, I realize these can be trivial trifles, but man, you saved the... week!
> And to finish (hopefully) - maybe even more of a puzzle: how it happened?
> This box member was fine, suddenly (I was recovering/reconnecting replication agreements), maybe not suddenly, but when I noticed at some point, it did that. It lost those ldap bits?

Good question! I really do not know.

You may dig into /var/log/dirsrv/* and look for modifications in the privilege LDAP entry but that is the only advice I have.

Please let us know if you found out how it happened.

--
Petr^2 Spacek

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
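The warning in this message that `--addattr` does not validate its input can be handled by generating the DN instead of typing it. The script below is an added example, not part of the thread or of FreeIPA; the function names, the `example.test` host and realm, and the default FreeIPA layout (realm-derived suffix, services under `cn=services,cn=accounts`) are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread or from FreeIPA): generate the member DN
# for `ipa privilege-mod --addattr` instead of typing it, because --addattr
# stores whatever string it is given.
# Assumptions: default FreeIPA layout (suffix derived from the realm, services
# under cn=services,cn=accounts); example.test names; all function names.

# True if $1 is a single line that matches ERE $2 in full.
matches() {
    case $1 in *'
'*) return 1 ;; esac                     # embedded newline: reject outright
    printf '%s\n' "$1" | grep -Eq "^($2)\$"
}

# EXAMPLE.TEST -> dc=example,dc=test ; rejects empty labels such as "A..B".
realm_to_basedn() (
    realm=$1
    matches "$realm" '[A-Z0-9-]+(\.[A-Z0-9-]+)*' || return 1
    printf '%s\n' "$realm" | tr '[:upper:]' '[:lower:]' |
        sed -e 's/^/dc=/' -e 's/\./,dc=/g'
)

# service, host FQDN, realm -> full service-entry DN.
# The strict patterns exclude every character that is special in a DN
# (comma, plus, equals, backslash, quotes), so no escaping is required.
service_member_dn() (
    service=$1; host=$2; realm=$3
    matches "$service" '[A-Za-z0-9_-]+' || return 1
    matches "$host" '[a-z0-9-]+(\.[a-z0-9-]+)+' || return 1
    basedn=$(realm_to_basedn "$realm") || return 1
    printf 'krbprincipalname=%s/%s@%s,cn=services,cn=accounts,%s\n' \
        "$service" "$host" "$realm" "$basedn"
)

# Check a hand-typed DN: split out service, host and realm, rebuild the DN
# from them and require an exact match. Stricter than LDAP, which ignores
# case in attribute names, but it catches typos, empty dc= components and
# a suffix that disagrees with the realm.
check_member_dn() (
    dn=$1
    rest=${dn#krbprincipalname=}
    [ "$rest" != "$dn" ] || return 1
    principal=${rest%%,*}
    service=${principal%%/*}
    hostrealm=${principal#*/}
    host=${hostrealm%@*}
    realm=${hostrealm##*@}
    expected=$(service_member_dn "$service" "$host" "$realm") || return 1
    [ "$dn" = "$expected" ]
)

# Print (not run) an existence check for the entry and the quoted command.
# The ldapsearch line assumes a valid Kerberos ticket (-Y GSSAPI).
privilege_mod_cmd() (
    dn=$(service_member_dn "$1" "$2" "$3") || {
        echo "refusing to build a DN from: $1 $2 $3" >&2
        return 1
    }
    printf "ldapsearch -Y GSSAPI -s base -b '%s' dn\n" "$dn"
    printf "ipa privilege-mod 'DNS Servers' --addattr='member=%s'\n" "$dn"
)

# Constructed sample values for the two services named in the thread.
for svc in DNS ipa-dnskeysyncd; do
    privilege_mod_cmd "$svc" rider.example.test EXAMPLE.TEST
done
```

Run the printed `ldapsearch` line first; if it does not return the service entry, do not run the `ipa privilege-mod` line.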
Re: [Freeipa-users] SRV (mixed?) records
On 10/11/16 10:44, Petr Spacek wrote:
> This is a non-standard situation so it asks for non-standard commands.
>
> I would try:
> $ ipa privilege-mod 'DNS Servers' --addattr='member=krbprincipalname=DNS/rider..xx.xx..xx.x...@.xx.xx..xx.xx.x,cn=services,cn=xxcounts,dc=,dc=xx,dc=xx,dc=,dc=xx,dc=xx,dc=x'
>
> $ ipa privilege-mod 'DNS Servers' --addattr='member=krbprincipalname=ipa-dnskeysyncd/rider..xx.xx..xx.x...@.xx.xx..xx.xx.x,cn=services,cn=xxcounts,dc=,dc=xx,dc=xx,dc=,dc=xx,dc=xx,dc=x'
>
> Be very careful when constructing these DNs, --addattr does not validate the input!

well, I realize these can be trivial trifles, but man, you saved the... week!
And to finish (hopefully) - maybe even more of a puzzle: how it happened?
This box member was fine, suddenly (I was recovering/reconnecting replication agreements), maybe not suddenly, but when I noticed at some point, it did that. It lost those ldap bits?

many! thanks
L.
Re: [Freeipa-users] SRV (mixed?) records
On 10.11.2016 11:32, lejeczek wrote:
> On 10/11/16 06:51, Petr Spacek wrote:
>> On 9.11.2016 16:57, lejeczek wrote:
>>> On 09/11/16 14:35, Martin Basti wrote:
>>>> On 09.11.2016 15:33, lejeczek wrote:
>>>>> On 09/11/16 13:48, Martin Basti wrote:
>>>>>> On 09.11.2016 14:11, lejeczek wrote:
>>>>>>> On 09/11/16 12:43, Martin Basti wrote:
>>>>>>>> On 09.11.2016 12:15, lejeczek wrote:
>>>>>>>>> On 08/11/16 19:37, Martin Basti wrote:
>>>>>>>>>> On 08.11.2016 19:41, lejeczek wrote:
>>>>>>>>>>> hi everyone
>>>>>>>>>>> when I look at my domain I see something which seems inconsistent to me (eg. work5 is not part of the domain, was --uninstalled)
>>>>>>>>>>> Do these records need fixing?
>>>>>>>>>>> I'm asking because one of the servers, despite the fact the ipa dns related toolkit (on that server) shows zone & records, to dig/host/etc. presents nothing, empty responses!??
>>>>>>>>>>>
>>>>>>>>>>> $ ipa dnsrecord-find xx.xx.xx.xx.x.
>>>>>>>>>>>   Record name: @
>>>>>>>>>>>   NS record: swir.xx.xx.xx.xx.x., rider.xx.xx.xx.xx.x., dzien.xx.xx.xx.xx.x., whale.xx.xx.xx.xx.x.
>>>>>>>>>>>   Record name: _kerberos
>>>>>>>>>>>   TXT record: .xx.xx..xx.xx.x
>>>>>>>>>>>   Record name: _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs
>>>>>>>>>>>   SRV record: 0 100 88 rider, 0 100 88 work5
>>>>>>>>>>>   Record name: _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs
>>>>>>>>>>>   SRV record: 0 100 389 rider, 0 100 389 work5
>>>>>>>>>>>   Record name: _kerberos._udp.Default-First-Site-Name._sites.dc._msdcs
>>>>>>>>>>>   SRV record: 0 100 88 rider, 0 100 88 work5
>>>>>>>>>>>   Record name: _kerberos._tcp.dc._msdcs
>>>>>>>>>>>   SRV record: 0 100 88 rider, 0 100 88 work5
>>>>>>>>>>>   Record name: _ldap._tcp.dc._msdcs
>>>>>>>>>>>   SRV record: 0 100 389 rider, 0 100 389 work5
>>>>>>>>>>>   Record name: _kerberos._udp.dc._msdcs
>>>>>>>>>>>   SRV record: 0 100 88 rider, 0 100 88 work5
>>>>>>>>>>>   Record name: _kerberos._tcp
>>>>>>>>>>>   SRV record: 0 100 88 whale, 0 100 88 dzien, 0 100 88 rider, 0 100 88 swir
>>>>>>>>>>>   Record name: _kerberos-master._tcp
>>>>>>>>>>>   SRV record: 0 100 88 whale, 0 100 88 dzien, 0 100 88 rider, 0 100 88 swir
>>>>>>>>>>>   Record name: _kpasswd._tcp
>>>>>>>>>>>   SRV record: 0 100 464 rider, 0 100 464 swir, 0 100 464 dzien, 0 100 464 whale
>>>>>>>>>>>   Record name: _ldap._tcp
>>>>>>>>>>>   SRV record: 0 100 389 swir, 0 100 389 dzien, 0 100 389 whale, 0 100 389 rider
>>>>>>>>>>>   Record name: _kerberos._udp
>>>>>>>>>>>   SRV record: 0 100 88 whale, 0 100 88 dzien, 0 100 88 rider, 0 100 88 swir
>>>>>>>>>>>   Record name: _kerberos-master._udp
>>>>>>>>>>>   SRV record: 0 100 88 whale, 0 100 88 dzien, 0 100 88 rider, 0 100 88 swir
>>>>>>>>>>>   Record name: _kpasswd._udp
>>>>>>>>>>>   SRV record: 0 100 464 rider, 0 100 464 swir, 0 100 464 dzien, 0 100 464 whale
>>>>>>>>>>>   Record name: _ntp._udp
>>>>>>>>>>>   SRV record: 0 100 123 dzien, 0 100 123 rider, 0 100 123 whale, 0 100 123 swir
>>>>>>>>>>>
>>>>>>>>>>> thanks.
>>>>>>>>>>> L.
>>>>>>>>>>
>>>>>>>>>> Hello,
>>>>>>>>>>
>>>>>>>>>> if server work5 is uninstalled, then work5 SRV records should be removed.
>>>>>>>>>>
>>>>>>>>>> Martin
>>>>>>>>>
>>>>>>>>> Martin, would you be able to suggest a way to troubleshoot that problem that one (only) server (rider) seems to present no data for the whole domain? Remaining servers correctly respond to any queries. One curious thing is that I $rndc trace 6; and (I see debug level changed in journalctl) I do not see anything in the logs when I query.
>>>>>>>>> Zone allows any to query it.
>>>>>>>>
>>>>>>>> What dig @rider command returns for SRV queries?
>>>>>>>
>>>>>>> don't mind SRV records for now, it returns no record at all, it forwards and caches but not for the domain itself.
>>>>>>> on rider (suffice I point to other member server and records are there)
>>>>>>>
>>>>>>> $ dig +qr any .xx.xx..xx.xx.x. @10.5.6.100
>>>>>>>
>>>>>>> ; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.4 <<>> +qr any .xx.xx..xx.xx.x. @10.5.6.100
>>>>>>> ;; global options: +cmd
>>>>>>> ;; Sending:
>>>>>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36196
>>>>>>> ;; flags: rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>>>>>>>
>>>>>>> ;; OPT PSEUDOSECTION:
>>>>>>> ; EDNS: version: 0, flags:; udp: 4096
>>>>>>> ;; QUESTION SECTION:
>>>>>>> ;.xx.xx..xx.xx.x. IN ANY
>>>>>>>
>>>>>>> ;; Got answer:
>>>>>>> ;; ->>HEADER<<- opcode: QUERY, status: NXDO
Re: [Freeipa-users] SRV (mixed?) records
On 10/11/16 06:51, Petr Spacek wrote:
> On 9.11.2016 16:57, lejeczek wrote:
>> On 09/11/16 14:35, Martin Basti wrote:
>>> On 09.11.2016 15:33, lejeczek wrote:
>>>> On 09/11/16 13:48, Martin Basti wrote:
>>>>> On 09.11.2016 14:11, lejeczek wrote:
>>>>>> On 09/11/16 12:43, Martin Basti wrote:
>>>>>>> On 09.11.2016 12:15, lejeczek wrote:
>>>>>>>> On 08/11/16 19:37, Martin Basti wrote:
>>>>>>>>> On 08.11.2016 19:41, lejeczek wrote:
>>>>>>>>>> hi everyone
>>>>>>>>>> when I look at my domain I see something which seems inconsistent to me (eg. work5 is not part of the domain, was --uninstalled)
>>>>>>>>>> Do these records need fixing?
>>>>>>>>>> I'm asking because one of the servers, despite the fact the ipa dns related toolkit (on that server) shows zone & records, to dig/host/etc. presents nothing, empty responses!??
>>>>>>>>>>
>>>>>>>>>> $ ipa dnsrecord-find xx.xx.xx.xx.x.
>>>>>>>>>>   Record name: @
>>>>>>>>>>   NS record: swir.xx.xx.xx.xx.x., rider.xx.xx.xx.xx.x., dzien.xx.xx.xx.xx.x., whale.xx.xx.xx.xx.x.
>>>>>>>>>>   Record name: _kerberos
>>>>>>>>>>   TXT record: .xx.xx..xx.xx.x
>>>>>>>>>>   Record name: _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs
>>>>>>>>>>   SRV record: 0 100 88 rider, 0 100 88 work5
>>>>>>>>>>   Record name: _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs
>>>>>>>>>>   SRV record: 0 100 389 rider, 0 100 389 work5
>>>>>>>>>>   Record name: _kerberos._udp.Default-First-Site-Name._sites.dc._msdcs
>>>>>>>>>>   SRV record: 0 100 88 rider, 0 100 88 work5
>>>>>>>>>>   Record name: _kerberos._tcp.dc._msdcs
>>>>>>>>>>   SRV record: 0 100 88 rider, 0 100 88 work5
>>>>>>>>>>   Record name: _ldap._tcp.dc._msdcs
>>>>>>>>>>   SRV record: 0 100 389 rider, 0 100 389 work5
>>>>>>>>>>   Record name: _kerberos._udp.dc._msdcs
>>>>>>>>>>   SRV record: 0 100 88 rider, 0 100 88 work5
>>>>>>>>>>   Record name: _kerberos._tcp
>>>>>>>>>>   SRV record: 0 100 88 whale, 0 100 88 dzien, 0 100 88 rider, 0 100 88 swir
>>>>>>>>>>   Record name: _kerberos-master._tcp
>>>>>>>>>>   SRV record: 0 100 88 whale, 0 100 88 dzien, 0 100 88 rider, 0 100 88 swir
>>>>>>>>>>   Record name: _kpasswd._tcp
>>>>>>>>>>   SRV record: 0 100 464 rider, 0 100 464 swir, 0 100 464 dzien, 0 100 464 whale
>>>>>>>>>>   Record name: _ldap._tcp
>>>>>>>>>>   SRV record: 0 100 389 swir, 0 100 389 dzien, 0 100 389 whale, 0 100 389 rider
>>>>>>>>>>   Record name: _kerberos._udp
>>>>>>>>>>   SRV record: 0 100 88 whale, 0 100 88 dzien, 0 100 88 rider, 0 100 88 swir
>>>>>>>>>>   Record name: _kerberos-master._udp
>>>>>>>>>>   SRV record: 0 100 88 whale, 0 100 88 dzien, 0 100 88 rider, 0 100 88 swir
>>>>>>>>>>   Record name: _kpasswd._udp
>>>>>>>>>>   SRV record: 0 100 464 rider, 0 100 464 swir, 0 100 464 dzien, 0 100 464 whale
>>>>>>>>>>   Record name: _ntp._udp
>>>>>>>>>>   SRV record: 0 100 123 dzien, 0 100 123 rider, 0 100 123 whale, 0 100 123 swir
>>>>>>>>>>
>>>>>>>>>> thanks.
>>>>>>>>>> L.
>>>>>>>>>
>>>>>>>>> Hello,
>>>>>>>>>
>>>>>>>>> if server work5 is uninstalled, then work5 SRV records should be removed.
>>>>>>>>>
>>>>>>>>> Martin
>>>>>>>>
>>>>>>>> Martin, would you be able to suggest a way to troubleshoot that problem that one (only) server (rider) seems to present no data for the whole domain? Remaining servers correctly respond to any queries. One curious thing is that I $rndc trace 6; and (I see debug level changed in journalctl) I do not see anything in the logs when I query.
>>>>>>>> Zone allows any to query it.
>>>>>>>
>>>>>>> What dig @rider command returns for SRV queries?
>>>>>>
>>>>>> don't mind SRV records for now, it returns no record at all, it forwards and caches but not for the domain itself.
>>>>>> on rider (suffice I point to other member server and records are there)
>>>>>>
>>>>>> $ dig +qr any .xx.xx..xx.xx.x. @10.5.6.100
>>>>>>
>>>>>> ; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.4 <<>> +qr any .xx.xx..xx.xx.x. @10.5.6.100
>>>>>> ;; global options: +cmd
>>>>>> ;; Sending:
>>>>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36196
>>>>>> ;; flags: rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>>>>>>
>>>>>> ;; OPT PSEUDOSECTION:
>>>>>> ; EDNS: version: 0, flags:; udp: 4096
>>>>>> ;; QUESTION SECTION:
>>>>>> ;.xx.xx..xx.xx.x. IN ANY
>>>>>>
>>>>>> ;; Got answer:
>>>>>> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 36196
>>>>>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
>>>>>>
>>>>>> ;; OPT PSEUDOSECTION:
>>>>>> ; EDNS: version: 0, flags:; udp: 4096
>>>>>> ;; QUESTION SECTION:
>>>>>> ;.xx.xx..xx.xx.x. IN ANY
>>>>>>
>>>>>> ;; AUTHORITY SECTION:
>>>>>> .xx.xx.x. 3600 IN SOA ipreg.xxx.xx.xx.x. hostmaster.xx.xx.x. 1478696070 1800 900 604800 3600
>>>>>>
>>>>>> ;; Query time: 5 msec
>>>>>> ;; SERVER: 10.5.6.100#53(10.5.6.100)
>>>>>> ;; WHEN: Wed Nov 09 12:56:16 GMT 2016
>>>>>> ;; MSG SIZE rcvd: 120
>>>>>>
>>>>>> I obfuscated FQDNs but it seems like it forwards to a parent domain (to which it's supposed, by dnsforwardzone)
>>>>>> And like I mentioned earlier, I do dnszone-find, etc. (on rider) it's all there.
>>>>>
>>>>> I'm lost now, I don't understand you, you told me that resolving on 'rider' server doesn't work, then you write me that it is expected because you have forwardzone set, but you cannot have forwardzone and master zone for the same domain, IPA doesn't allow it, so I have no idea what is not working for you. (You didn't make it easier by obfuscating output)
>>>>>
>>>>> Martin
>>>>
>>>> no no, sorry, I mean - it forwards whereas it should be authoritative for its own FQDN.
>>>> I realize it is not obvious after I obfuscated the output, but here:
>>>>
>>>> ;; AUTHORITY SECTION:
>>>> .xx.xx.x. 3600 IN SOA ipreg.xxx.xx.xx.x. hostmaster.xx.xx.x. 1478696070 1800 900 604800 3600
>>>>
>>>> this looks like the only domain which is dnsforwardzone, everything else is dnsz
Re: [Freeipa-users] SRV (mixed?) records
On 9.11.2016 16:57, lejeczek wrote:
> On 09/11/16 14:35, Martin Basti wrote:
>> On 09.11.2016 15:33, lejeczek wrote:
>>> On 09/11/16 13:48, Martin Basti wrote:
>>>> On 09.11.2016 14:11, lejeczek wrote:
>>>>> On 09/11/16 12:43, Martin Basti wrote:
>>>>>> On 09.11.2016 12:15, lejeczek wrote:
>>>>>>> On 08/11/16 19:37, Martin Basti wrote:
>>>>>>>> On 08.11.2016 19:41, lejeczek wrote:
>>>>>>>>> hi everyone
>>>>>>>>> when I look at my domain I see something which seems inconsistent to me (eg. work5 is not part of the domain, was --uninstalled)
>>>>>>>>> Do these records need fixing?
>>>>>>>>> I'm asking because one of the servers, despite the fact the ipa dns related toolkit (on that server) shows zone & records, to dig/host/etc. presents nothing, empty responses!??
>>>>>>>>>
>>>>>>>>> $ ipa dnsrecord-find xx.xx.xx.xx.x.
>>>>>>>>>   Record name: @
>>>>>>>>>   NS record: swir.xx.xx.xx.xx.x., rider.xx.xx.xx.xx.x., dzien.xx.xx.xx.xx.x., whale.xx.xx.xx.xx.x.
>>>>>>>>>   Record name: _kerberos
>>>>>>>>>   TXT record: .xx.xx..xx.xx.x
>>>>>>>>>   Record name: _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs
>>>>>>>>>   SRV record: 0 100 88 rider, 0 100 88 work5
>>>>>>>>>   Record name: _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs
>>>>>>>>>   SRV record: 0 100 389 rider, 0 100 389 work5
>>>>>>>>>   Record name: _kerberos._udp.Default-First-Site-Name._sites.dc._msdcs
>>>>>>>>>   SRV record: 0 100 88 rider, 0 100 88 work5
>>>>>>>>>   Record name: _kerberos._tcp.dc._msdcs
>>>>>>>>>   SRV record: 0 100 88 rider, 0 100 88 work5
>>>>>>>>>   Record name: _ldap._tcp.dc._msdcs
>>>>>>>>>   SRV record: 0 100 389 rider, 0 100 389 work5
>>>>>>>>>   Record name: _kerberos._udp.dc._msdcs
>>>>>>>>>   SRV record: 0 100 88 rider, 0 100 88 work5
>>>>>>>>>   Record name: _kerberos._tcp
>>>>>>>>>   SRV record: 0 100 88 whale, 0 100 88 dzien, 0 100 88 rider, 0 100 88 swir
>>>>>>>>>   Record name: _kerberos-master._tcp
>>>>>>>>>   SRV record: 0 100 88 whale, 0 100 88 dzien, 0 100 88 rider, 0 100 88 swir
>>>>>>>>>   Record name: _kpasswd._tcp
>>>>>>>>>   SRV record: 0 100 464 rider, 0 100 464 swir, 0 100 464 dzien, 0 100 464 whale
>>>>>>>>>   Record name: _ldap._tcp
>>>>>>>>>   SRV record: 0 100 389 swir, 0 100 389 dzien, 0 100 389 whale, 0 100 389 rider
>>>>>>>>>   Record name: _kerberos._udp
>>>>>>>>>   SRV record: 0 100 88 whale, 0 100 88 dzien, 0 100 88 rider, 0 100 88 swir
>>>>>>>>>   Record name: _kerberos-master._udp
>>>>>>>>>   SRV record: 0 100 88 whale, 0 100 88 dzien, 0 100 88 rider, 0 100 88 swir
>>>>>>>>>   Record name: _kpasswd._udp
>>>>>>>>>   SRV record: 0 100 464 rider, 0 100 464 swir, 0 100 464 dzien, 0 100 464 whale
>>>>>>>>>   Record name: _ntp._udp
>>>>>>>>>   SRV record: 0 100 123 dzien, 0 100 123 rider, 0 100 123 whale, 0 100 123 swir
>>>>>>>>>
>>>>>>>>> thanks.
>>>>>>>>> L.
>>>>>>>>
>>>>>>>> Hello,
>>>>>>>>
>>>>>>>> if server work5 is uninstalled, then work5 SRV records should be removed.
>>>>>>>>
>>>>>>>> Martin
>>>>>>>
>>>>>>> Martin, would you be able to suggest a way to troubleshoot that problem that one (only) server (rider) seems to present no data for the whole domain? Remaining servers correctly respond to any queries. One curious thing is that I $rndc trace 6; and (I see debug level changed in journalctl) I do not see anything in the logs when I query.
>>>>>>> Zone allows any to query it.
>>>>>>
>>>>>> What dig @rider command returns for SRV queries?
>>>>>
>>>>> don't mind SRV records for now, it returns no record at all, it forwards and caches but not for the domain itself.
>>>>> on rider (suffice I point to other member server and records are there)
>>>>>
>>>>> $ dig +qr any .xx.xx..xx.xx.x. @10.5.6.100
>>>>>
>>>>> ; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.4 <<>> +qr any .xx.xx..xx.xx.x. @10.5.6.100
>>>>> ;; global options: +cmd
>>>>> ;; Sending:
>>>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36196
>>>>> ;; flags: rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>>>>>
>>>>> ;; OPT PSEUDOSECTION:
>>>>> ; EDNS: version: 0, flags:; udp: 4096
>>>>> ;; QUESTION SECTION:
>>>>> ;.xx.xx..xx.xx.x. IN ANY
>>>>>
>>>>> ;; Got answer:
>>>>> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 36196
>>>>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
>>>>>
>>>>> ;; OPT PSEUDOSECTION:
>>>>> ; EDNS: version: 0, flags:; udp: 4096
>>>>> ;; QUESTION SECTION:
>>>>> ;.xx.xx..xx.xx.x. IN ANY
>>>>>
>>>>> ;; AUTHORITY SECTION:
>>>>> .xx.xx.x. 3600 IN SOA ipreg.xxx.xx.xx.x. hostmaster.xx.xx.x. 1478696070 1800 900 604800 36
Re: [Freeipa-users] SRV (mixed?) records
On 09/11/16 14:35, Martin Basti wrote:
> On 09.11.2016 15:33, lejeczek wrote:
>> On 09/11/16 13:48, Martin Basti wrote:
>>> On 09.11.2016 14:11, lejeczek wrote:
>>>> On 09/11/16 12:43, Martin Basti wrote:
>>>>> On 09.11.2016 12:15, lejeczek wrote:
>>>>>> On 08/11/16 19:37, Martin Basti wrote:
>>>>>>> On 08.11.2016 19:41, lejeczek wrote:
>>>>>>>> hi everyone
>>>>>>>> when I look at my domain I see something which seems inconsistent to me (eg. work5 is not part of the domain, was --uninstalled)
>>>>>>>> Do these records need fixing?
>>>>>>>> I'm asking because one of the servers, despite the fact the ipa dns related toolkit (on that server) shows zone & records, to dig/host/etc. presents nothing, empty responses!??
>>>>>>>>
>>>>>>>> $ ipa dnsrecord-find xx.xx.xx.xx.x.
>>>>>>>>   Record name: @
>>>>>>>>   NS record: swir.xx.xx.xx.xx.x., rider.xx.xx.xx.xx.x., dzien.xx.xx.xx.xx.x., whale.xx.xx.xx.xx.x.
>>>>>>>>   Record name: _kerberos
>>>>>>>>   TXT record: .xx.xx..xx.xx.x
>>>>>>>>   Record name: _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs
>>>>>>>>   SRV record: 0 100 88 rider, 0 100 88 work5
>>>>>>>>   Record name: _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs
>>>>>>>>   SRV record: 0 100 389 rider, 0 100 389 work5
>>>>>>>>   Record name: _kerberos._udp.Default-First-Site-Name._sites.dc._msdcs
>>>>>>>>   SRV record: 0 100 88 rider, 0 100 88 work5
>>>>>>>>   Record name: _kerberos._tcp.dc._msdcs
>>>>>>>>   SRV record: 0 100 88 rider, 0 100 88 work5
>>>>>>>>   Record name: _ldap._tcp.dc._msdcs
>>>>>>>>   SRV record: 0 100 389 rider, 0 100 389 work5
>>>>>>>>   Record name: _kerberos._udp.dc._msdcs
>>>>>>>>   SRV record: 0 100 88 rider, 0 100 88 work5
>>>>>>>>   Record name: _kerberos._tcp
>>>>>>>>   SRV record: 0 100 88 whale, 0 100 88 dzien, 0 100 88 rider, 0 100 88 swir
>>>>>>>>   Record name: _kerberos-master._tcp
>>>>>>>>   SRV record: 0 100 88 whale, 0 100 88 dzien, 0 100 88 rider, 0 100 88 swir
>>>>>>>>   Record name: _kpasswd._tcp
>>>>>>>>   SRV record: 0 100 464 rider, 0 100 464 swir, 0 100 464 dzien, 0 100 464 whale
>>>>>>>>   Record name: _ldap._tcp
>>>>>>>>   SRV record: 0 100 389 swir, 0 100 389 dzien, 0 100 389 whale, 0 100 389 rider
>>>>>>>>   Record name: _kerberos._udp
>>>>>>>>   SRV record: 0 100 88 whale, 0 100 88 dzien, 0 100 88 rider, 0 100 88 swir
>>>>>>>>   Record name: _kerberos-master._udp
>>>>>>>>   SRV record: 0 100 88 whale, 0 100 88 dzien, 0 100 88 rider, 0 100 88 swir
>>>>>>>>   Record name: _kpasswd._udp
>>>>>>>>   SRV record: 0 100 464 rider, 0 100 464 swir, 0 100 464 dzien, 0 100 464 whale
>>>>>>>>   Record name: _ntp._udp
>>>>>>>>   SRV record: 0 100 123 dzien, 0 100 123 rider, 0 100 123 whale, 0 100 123 swir
>>>>>>>>
>>>>>>>> thanks.
>>>>>>>> L.
>>>>>>>
>>>>>>> Hello,
>>>>>>>
>>>>>>> if server work5 is uninstalled, then work5 SRV records should be removed.
>>>>>>>
>>>>>>> Martin
>>>>>>
>>>>>> Martin, would you be able to suggest a way to troubleshoot that problem that one (only) server (rider) seems to present no data for the whole domain? Remaining servers correctly respond to any queries. One curious thing is that I $rndc trace 6; and (I see debug level changed in journalctl) I do not see anything in the logs when I query.
>>>>>> Zone allows any to query it.
>>>>>
>>>>> What dig @rider command returns for SRV queries?
>>>>
>>>> don't mind SRV records for now, it returns no record at all, it forwards and caches but not for the domain itself.
>>>> on rider (suffice I point to other member server and records are there)
>>>>
>>>> $ dig +qr any .xx.xx..xx.xx.x. @10.5.6.100
>>>>
>>>> ; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.4 <<>> +qr any .xx.xx..xx.xx.x. @10.5.6.100
>>>> ;; global options: +cmd
>>>> ;; Sending:
>>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36196
>>>> ;; flags: rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>>>>
>>>> ;; OPT PSEUDOSECTION:
>>>> ; EDNS: version: 0, flags:; udp: 4096
>>>> ;; QUESTION SECTION:
>>>> ;.xx.xx..xx.xx.x. IN ANY
>>>>
>>>> ;; Got answer:
>>>> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 36196
>>>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
>>>>
>>>> ;; OPT PSEUDOSECTION:
>>>> ; EDNS: version: 0, flags:; udp: 4096
>>>> ;; QUESTION SECTION:
>>>> ;.xx.xx..xx.xx.x. IN ANY
>>>>
>>>> ;; AUTHORITY SECTION:
>>>> .xx.xx.x. 3600 IN SOA ipreg.xxx.xx.xx.x. hostmaster.xx.xx.x. 1478696070 1800 900 604800 3600
>>>>
>>>> ;; Query time: 5 msec
>>>> ;; SERVER: 10.5.6.100#53(10.5.6.100)
>>>> ;; WHEN: Wed Nov 09 12:56:16 GMT 2016
>>>> ;; MSG SIZE rcvd: 120
>>>>
>>>> I obfuscated FQDNs but it seems like it forwards to a parent domain (to which it's supposed, by dnsforwardzone)
>>>> And like I mentioned earlier, I do dnszone-find, etc. (on rider) it's all there.
>>>
>>> I'm lost now, I don't understand you, you told me that resolving on 'rider' server doesn't work, then you write me that it is expected because you have forwardzone set, but you cannot have forwardzone and master zone for the same domain, IPA doesn't allow it, so I have no idea what is not working for you. (You didn't make it easier by obfuscating output)
>>>
>>> Martin
>>
>> no no, sorry, I mean - it forwards whereas it should be authoritative for its own FQDN.
>> I realize it is not obvious after I obfuscated the output, but here:
>>
>> ;; AUTHORITY SECTION:
>> .xx.xx.x. 3600 IN SOA ipreg.xxx.xx.xx.x. hostmaster.xx.xx.x. 1478696070 1800 900 604800 3600
>>
>> this looks like the only domain which is dnsforwardzone, everything else is dnszone
>> parent.xx.xx. - is th
Re: [Freeipa-users] SRV (mixed?) records
On 09.11.2016 15:33, lejeczek wrote:
> On 09/11/16 13:48, Martin Basti wrote:
>> On 09.11.2016 14:11, lejeczek wrote:
>>> On 09/11/16 12:43, Martin Basti wrote:
>>>> On 09.11.2016 12:15, lejeczek wrote:
>>>>> On 08/11/16 19:37, Martin Basti wrote:
>>>>>> On 08.11.2016 19:41, lejeczek wrote:
>>>>>>> hi everyone
>>>>>>> when I look at my domain I see something which seems inconsistent to me (eg. work5 is not part of the domain, was --uninstalled)
>>>>>>> Do these records need fixing?
>>>>>>> I'm asking because one of the servers, despite the fact the ipa dns related toolkit (on that server) shows zone & records, to dig/host/etc. presents nothing, empty responses!??
>>>>>>>
>>>>>>> $ ipa dnsrecord-find xx.xx.xx.xx.x.
>>>>>>>   Record name: @
>>>>>>>   NS record: swir.xx.xx.xx.xx.x., rider.xx.xx.xx.xx.x., dzien.xx.xx.xx.xx.x., whale.xx.xx.xx.xx.x.
>>>>>>>   Record name: _kerberos
>>>>>>>   TXT record: .xx.xx..xx.xx.x
>>>>>>>   Record name: _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs
>>>>>>>   SRV record: 0 100 88 rider, 0 100 88 work5
>>>>>>>   Record name: _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs
>>>>>>>   SRV record: 0 100 389 rider, 0 100 389 work5
>>>>>>>   Record name: _kerberos._udp.Default-First-Site-Name._sites.dc._msdcs
>>>>>>>   SRV record: 0 100 88 rider, 0 100 88 work5
>>>>>>>   Record name: _kerberos._tcp.dc._msdcs
>>>>>>>   SRV record: 0 100 88 rider, 0 100 88 work5
>>>>>>>   Record name: _ldap._tcp.dc._msdcs
>>>>>>>   SRV record: 0 100 389 rider, 0 100 389 work5
>>>>>>>   Record name: _kerberos._udp.dc._msdcs
>>>>>>>   SRV record: 0 100 88 rider, 0 100 88 work5
>>>>>>>   Record name: _kerberos._tcp
>>>>>>>   SRV record: 0 100 88 whale, 0 100 88 dzien, 0 100 88 rider, 0 100 88 swir
>>>>>>>   Record name: _kerberos-master._tcp
>>>>>>>   SRV record: 0 100 88 whale, 0 100 88 dzien, 0 100 88 rider, 0 100 88 swir
>>>>>>>   Record name: _kpasswd._tcp
>>>>>>>   SRV record: 0 100 464 rider, 0 100 464 swir, 0 100 464 dzien, 0 100 464 whale
>>>>>>>   Record name: _ldap._tcp
>>>>>>>   SRV record: 0 100 389 swir, 0 100 389 dzien, 0 100 389 whale, 0 100 389 rider
>>>>>>>   Record name: _kerberos._udp
>>>>>>>   SRV record: 0 100 88 whale, 0 100 88 dzien, 0 100 88 rider, 0 100 88 swir
>>>>>>>   Record name: _kerberos-master._udp
>>>>>>>   SRV record: 0 100 88 whale, 0 100 88 dzien, 0 100 88 rider, 0 100 88 swir
>>>>>>>   Record name: _kpasswd._udp
>>>>>>>   SRV record: 0 100 464 rider, 0 100 464 swir, 0 100 464 dzien, 0 100 464 whale
>>>>>>>   Record name: _ntp._udp
>>>>>>>   SRV record: 0 100 123 dzien, 0 100 123 rider, 0 100 123 whale, 0 100 123 swir
>>>>>>>
>>>>>>> thanks.
>>>>>>> L.
>>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> if server work5 is uninstalled, then work5 SRV records should be removed.
>>>>>>
>>>>>> Martin
>>>>>
>>>>> Martin, would you be able to suggest a way to troubleshoot that problem that one (only) server (rider) seems to present no data for the whole domain? Remaining servers correctly respond to any queries. One curious thing is that I $rndc trace 6; and (I see debug level changed in journalctl) I do not see anything in the logs when I query.
>>>>> Zone allows any to query it.
>>>>
>>>> What dig @rider command returns for SRV queries?
>>>
>>> don't mind SRV records for now, it returns no record at all, it forwards and caches but not for the domain itself.
>>> on rider (suffice I point to other member server and records are there)
>>>
>>> $ dig +qr any .xx.xx..xx.xx.x. @10.5.6.100
>>>
>>> ; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.4 <<>> +qr any .xx.xx..xx.xx.x. @10.5.6.100
>>> ;; global options: +cmd
>>> ;; Sending:
>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36196
>>> ;; flags: rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>>>
>>> ;; OPT PSEUDOSECTION:
>>> ; EDNS: version: 0, flags:; udp: 4096
>>> ;; QUESTION SECTION:
>>> ;.xx.xx..xx.xx.x. IN ANY
>>>
>>> ;; Got answer:
>>> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 36196
>>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
>>>
>>> ;; OPT PSEUDOSECTION:
>>> ; EDNS: version: 0, flags:; udp: 4096
>>> ;; QUESTION SECTION:
>>> ;.xx.xx..xx.xx.x. IN ANY
>>>
>>> ;; AUTHORITY SECTION:
>>> .xx.xx.x. 3600 IN SOA ipreg.xxx.xx.xx.x. hostmaster.xx.xx.x. 1478696070 1800 900 604800 3600
>>>
>>> ;; Query time: 5 msec
>>> ;; SERVER: 10.5.6.100#53(10.5.6.100)
>>> ;; WHEN: Wed Nov 09 12:56:16 GMT 2016
>>> ;; MSG SIZE rcvd: 120
>>>
>>> I obfuscated FQDNs but it seems like it forwards to a parent domain (to which it's supposed, by dnsforwardzone)
>>> And like I mentioned earlier, I do dnszone-find, etc. (on rider) it's all there.
>>
>> I'm lost now, I don't understand you, you told me that resolving on 'rider' server doesn't work, then you write me that it is expected because you have forwardzone set, but you cannot have forwardzone and master zone for the same domain, IPA doesn't allow it, so I have no idea what is not working for you. (You didn't make it easier by obfuscating output)
>>
>> Martin
>
> no no, sorry, I mean - it forwards whereas it should be authoritative for its own FQDN.
> I realize it is not obvious after I obfuscated the output, but here:
>
> ;; AUTHORITY SECTION:
> .xx.xx.x. 3600 IN SOA ipreg.xxx.xx.xx.x. hostmaster.xx.xx.x. 1478696070 1800 900 604800 3600
>
> this looks like the only domain which is dnsforwardzone, everything else is dnszone
> parent.xx.xx. - is the only forward
> private.my.parent.xx.xx - it is IPA domain &
Re: [Freeipa-users] SRV (mixed?) records
On 09/11/16 13:48, Martin Basti wrote:
> On 09.11.2016 14:11, lejeczek wrote:
>> On 09/11/16 12:43, Martin Basti wrote:
>>> On 09.11.2016 12:15, lejeczek wrote:
>>>> On 08/11/16 19:37, Martin Basti wrote:
>>>>> On 08.11.2016 19:41, lejeczek wrote:
>>>>>> hi everyone
>>>>>> when I look at my domain I see something which seems inconsistent to me (eg. work5 is not part of the domain, was --uninstalled)
>>>>>> Do these records need fixing?
>>>>>> I'm asking because one of the servers, despite the fact the ipa dns related toolkit (on that server) shows zone & records, to dig/host/etc. presents nothing, empty responses!??
>>>>>>
>>>>>> $ ipa dnsrecord-find xx.xx.xx.xx.x.
>>>>>>   Record name: @
>>>>>>   NS record: swir.xx.xx.xx.xx.x., rider.xx.xx.xx.xx.x., dzien.xx.xx.xx.xx.x., whale.xx.xx.xx.xx.x.
>>>>>>   Record name: _kerberos
>>>>>>   TXT record: .xx.xx..xx.xx.x
>>>>>>   Record name: _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs
>>>>>>   SRV record: 0 100 88 rider, 0 100 88 work5
>>>>>>   Record name: _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs
>>>>>>   SRV record: 0 100 389 rider, 0 100 389 work5
>>>>>>   Record name: _kerberos._udp.Default-First-Site-Name._sites.dc._msdcs
>>>>>>   SRV record: 0 100 88 rider, 0 100 88 work5
>>>>>>   Record name: _kerberos._tcp.dc._msdcs
>>>>>>   SRV record: 0 100 88 rider, 0 100 88 work5
>>>>>>   Record name: _ldap._tcp.dc._msdcs
>>>>>>   SRV record: 0 100 389 rider, 0 100 389 work5
>>>>>>   Record name: _kerberos._udp.dc._msdcs
>>>>>>   SRV record: 0 100 88 rider, 0 100 88 work5
>>>>>>   Record name: _kerberos._tcp
>>>>>>   SRV record: 0 100 88 whale, 0 100 88 dzien, 0 100 88 rider, 0 100 88 swir
>>>>>>   Record name: _kerberos-master._tcp
>>>>>>   SRV record: 0 100 88 whale, 0 100 88 dzien, 0 100 88 rider, 0 100 88 swir
>>>>>>   Record name: _kpasswd._tcp
>>>>>>   SRV record: 0 100 464 rider, 0 100 464 swir, 0 100 464 dzien, 0 100 464 whale
>>>>>>   Record name: _ldap._tcp
>>>>>>   SRV record: 0 100 389 swir, 0 100 389 dzien, 0 100 389 whale, 0 100 389 rider
>>>>>>   Record name: _kerberos._udp
>>>>>>   SRV record: 0 100 88 whale, 0 100 88 dzien, 0 100 88 rider, 0 100 88 swir
>>>>>>   Record name: _kerberos-master._udp
>>>>>>   SRV record: 0 100 88 whale, 0 100 88 dzien, 0 100 88 rider, 0 100 88 swir
>>>>>>   Record name: _kpasswd._udp
>>>>>>   SRV record: 0 100 464 rider, 0 100 464 swir, 0 100 464 dzien, 0 100 464 whale
>>>>>>   Record name: _ntp._udp
>>>>>>   SRV record: 0 100 123 dzien, 0 100 123 rider, 0 100 123 whale, 0 100 123 swir
>>>>>>
>>>>>> thanks.
>>>>>> L.
>>>>>
>>>>> Hello,
>>>>>
>>>>> if server work5 is uninstalled, then work5 SRV records should be removed.
>>>>>
>>>>> Martin
>>>>
>>>> Martin, would you be able to suggest a way to troubleshoot that problem that one (only) server (rider) seems to present no data for the whole domain? Remaining servers correctly respond to any queries. One curious thing is that I $rndc trace 6; and (I see debug level changed in journalctl) I do not see anything in the logs when I query.
>>>> Zone allows any to query it.
>>>
>>> What dig @rider command returns for SRV queries?
>>
>> don't mind SRV records for now, it returns no record at all, it forwards and caches but not for the domain itself.
>> on rider (suffice I point to other member server and records are there)
>>
>> $ dig +qr any .xx.xx..xx.xx.x. @10.5.6.100
>>
>> ; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.4 <<>> +qr any .xx.xx..xx.xx.x. @10.5.6.100
>> ;; global options: +cmd
>> ;; Sending:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36196
>> ;; flags: rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>>
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags:; udp: 4096
>> ;; QUESTION SECTION:
>> ;.xx.xx..xx.xx.x. IN ANY
>>
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 36196
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
>>
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags:; udp: 4096
>> ;; QUESTION SECTION:
>> ;.xx.xx..xx.xx.x. IN ANY
>>
>> ;; AUTHORITY SECTION:
>> .xx.xx.x. 3600 IN SOA ipreg.xxx.xx.xx.x. hostmaster.xx.xx.x. 1478696070 1800 900 604800 3600
>>
>> ;; Query time: 5 msec
>> ;; SERVER: 10.5.6.100#53(10.5.6.100)
>> ;; WHEN: Wed Nov 09 12:56:16 GMT 2016
>> ;; MSG SIZE rcvd: 120
>>
>> I obfuscated FQDNs but it seems like it forwards to a parent domain (to which it's supposed, by dnsforwardzone)
>> And like I mentioned earlier, I do dnszone-find, etc. (on rider) it's all there.
>
> I'm lost now, I don't understand you, you told me that resolving on 'rider' server doesn't work, then you write me that it is expected because you have forwardzone set, but you cannot have forwardzone and master zone for the same domain, IPA doesn't allow it, so I have no idea what is not working for you. (You didn't make it easier by obfuscating output)
>
> Martin

no no, sorry, I mean - it forwards whereas it should be authoritative for its own FQDN.
I realize it is not obvious after I obfuscated the output, but here:

;; AUTHORITY SECTION:
.xx.xx.x. 3600 IN SOA ipreg.xxx.xx.xx.x. hostmaster.xx.xx.x. 1478696070 1800 900 604800 3600

this looks like the only domain which is dnsforwardzone, everything else is dnszone
parent.xx.xx. - is the only forward
private.my.parent.xx.xx - it is IPA domain & dnszone
I query private.my.p
Re: [Freeipa-users] SRV (mixed?) records
On 09.11.2016 14:11, lejeczek wrote:
> On 09/11/16 12:43, Martin Basti wrote:
>> On 09.11.2016 12:15, lejeczek wrote:
>>> On 08/11/16 19:37, Martin Basti wrote:
>>>> On 08.11.2016 19:41, lejeczek wrote:
>>>>> hi everyone
>>>>> when I look at my domain I see something which seems inconsistent to me (eg. work5 is not part of the domain, was --uninstalled)
>>>>> Do these records need fixing?
>>>>> I'm asking because one of the servers, despite the fact the ipa dns related toolkit (on that server) shows zone & records, to dig/host/etc. presents nothing, empty responses!??
>>>>>
>>>>> $ ipa dnsrecord-find xx.xx.xx.xx.x.
>>>>>   Record name: @
>>>>>   NS record: swir.xx.xx.xx.xx.x., rider.xx.xx.xx.xx.x., dzien.xx.xx.xx.xx.x., whale.xx.xx.xx.xx.x.
>>>>>   Record name: _kerberos
>>>>>   TXT record: .xx.xx..xx.xx.x
>>>>>   Record name: _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs
>>>>>   SRV record: 0 100 88 rider, 0 100 88 work5
>>>>>   Record name: _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs
>>>>>   SRV record: 0 100 389 rider, 0 100 389 work5
>>>>>   Record name: _kerberos._udp.Default-First-Site-Name._sites.dc._msdcs
>>>>>   SRV record: 0 100 88 rider, 0 100 88 work5
>>>>>   Record name: _kerberos._tcp.dc._msdcs
>>>>>   SRV record: 0 100 88 rider, 0 100 88 work5
>>>>>   Record name: _ldap._tcp.dc._msdcs
>>>>>   SRV record: 0 100 389 rider, 0 100 389 work5
>>>>>   Record name: _kerberos._udp.dc._msdcs
>>>>>   SRV record: 0 100 88 rider, 0 100 88 work5
>>>>>   Record name: _kerberos._tcp
>>>>>   SRV record: 0 100 88 whale, 0 100 88 dzien, 0 100 88 rider, 0 100 88 swir
>>>>>   Record name: _kerberos-master._tcp
>>>>>   SRV record: 0 100 88 whale, 0 100 88 dzien, 0 100 88 rider, 0 100 88 swir
>>>>>   Record name: _kpasswd._tcp
>>>>>   SRV record: 0 100 464 rider, 0 100 464 swir, 0 100 464 dzien, 0 100 464 whale
>>>>>   Record name: _ldap._tcp
>>>>>   SRV record: 0 100 389 swir, 0 100 389 dzien, 0 100 389 whale, 0 100 389 rider
>>>>>   Record name: _kerberos._udp
>>>>>   SRV record: 0 100 88 whale, 0 100 88 dzien, 0 100 88 rider, 0 100 88 swir
>>>>>   Record name: _kerberos-master._udp
>>>>>   SRV record: 0 100 88 whale, 0 100 88 dzien, 0 100 88 rider, 0 100 88 swir
>>>>>   Record name: _kpasswd._udp
>>>>>   SRV record: 0 100 464 rider, 0 100 464 swir, 0 100 464 dzien, 0 100 464 whale
>>>>>   Record name: _ntp._udp
>>>>>   SRV record: 0 100 123 dzien, 0 100 123 rider, 0 100 123 whale, 0 100 123 swir
>>>>>
>>>>> thanks.
>>>>> L.
>>>>
>>>> Hello,
>>>>
>>>> if server work5 is uninstalled, then work5 SRV records should be removed.
>>>>
>>>> Martin
>>>
>>> Martin, would you be able to suggest a way to troubleshoot that problem that one (only) server (rider) seems to present no data for the whole domain? Remaining servers correctly respond to any queries. One curious thing is that I $rndc trace 6; and (I see debug level changed in journalctl) I do not see anything in the logs when I query.
>>> Zone allows any to query it.
>>
>> What dig @rider command returns for SRV queries?
>
> don't mind SRV records for now, it returns no record at all, it forwards and caches but not for the domain itself.
> on rider (suffice I point to other member server and records are there)
>
> $ dig +qr any .xx.xx..xx.xx.x. @10.5.6.100
>
> ; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.4 <<>> +qr any .xx.xx..xx.xx.x. @10.5.6.100
> ;; global options: +cmd
> ;; Sending:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36196
> ;; flags: rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;.xx.xx..xx.xx.x. IN ANY
>
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 36196
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;.xx.xx..xx.xx.x. IN ANY
>
> ;; AUTHORITY SECTION:
> .xx.xx.x. 3600 IN SOA ipreg.xxx.xx.xx.x. hostmaster.xx.xx.x. 1478696070 1800 900 604800 3600
>
> ;; Query time: 5 msec
> ;; SERVER: 10.5.6.100#53(10.5.6.100)
> ;; WHEN: Wed Nov 09 12:56:16 GMT 2016
> ;; MSG SIZE rcvd: 120
>
> I obfuscated FQDNs but it seems like it forwards to a parent domain (to which it's supposed, by dnsforwardzone)
> And like I mentioned earlier, I do dnszone-find, etc. (on rider) it's all there.

I'm lost now, I don't understand you, you told me that resolving on 'rider' server doesn't work, then you write me that it is expected because you have forwardzone set, but you cannot have forwardzone and master zone for the same domain, IPA doesn't allow it, so I have no idea what is not working for you. (You didn't make it easier by obfuscating output)

Martin
Re: [Freeipa-users] SRV (mixed?) records
On 09/11/16 12:43, Martin Basti wrote:
> On 09.11.2016 12:15, lejeczek wrote:
>> On 08/11/16 19:37, Martin Basti wrote:
>>> On 08.11.2016 19:41, lejeczek wrote:
>>>> hi everyone
>>>> when I look at my domain I see something which seems inconsistent to me (eg. work5 is not part of the domain, was --uninstalled)
>>>> Do these records need fixing?
>>>> I'm asking because one of the servers, despite the fact the ipa dns related toolkit (on that server) shows zone & records, to dig/host/etc. presents nothing, empty responses!??
>>>>
>>>> $ ipa dnsrecord-find xx.xx.xx.xx.x.
>>>>   Record name: @
>>>>   NS record: swir.xx.xx.xx.xx.x., rider.xx.xx.xx.xx.x., dzien.xx.xx.xx.xx.x., whale.xx.xx.xx.xx.x.
>>>>   Record name: _kerberos
>>>>   TXT record: .xx.xx..xx.xx.x
>>>>   Record name: _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs
>>>>   SRV record: 0 100 88 rider, 0 100 88 work5
>>>>   Record name: _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs
>>>>   SRV record: 0 100 389 rider, 0 100 389 work5
>>>>   Record name: _kerberos._udp.Default-First-Site-Name._sites.dc._msdcs
>>>>   SRV record: 0 100 88 rider, 0 100 88 work5
>>>>   Record name: _kerberos._tcp.dc._msdcs
>>>>   SRV record: 0 100 88 rider, 0 100 88 work5
>>>>   Record name: _ldap._tcp.dc._msdcs
>>>>   SRV record: 0 100 389 rider, 0 100 389 work5
>>>>   Record name: _kerberos._udp.dc._msdcs
>>>>   SRV record: 0 100 88 rider, 0 100 88 work5
>>>>   Record name: _kerberos._tcp
>>>>   SRV record: 0 100 88 whale, 0 100 88 dzien, 0 100 88 rider, 0 100 88 swir
>>>>   Record name: _kerberos-master._tcp
>>>>   SRV record: 0 100 88 whale, 0 100 88 dzien, 0 100 88 rider, 0 100 88 swir
>>>>   Record name: _kpasswd._tcp
>>>>   SRV record: 0 100 464 rider, 0 100 464 swir, 0 100 464 dzien, 0 100 464 whale
>>>>   Record name: _ldap._tcp
>>>>   SRV record: 0 100 389 swir, 0 100 389 dzien, 0 100 389 whale, 0 100 389 rider
>>>>   Record name: _kerberos._udp
>>>>   SRV record: 0 100 88 whale, 0 100 88 dzien, 0 100 88 rider, 0 100 88 swir
>>>>   Record name: _kerberos-master._udp
>>>>   SRV record: 0 100 88 whale, 0 100 88 dzien, 0 100 88 rider, 0 100 88 swir
>>>>   Record name: _kpasswd._udp
>>>>   SRV record: 0 100 464 rider, 0 100 464 swir, 0 100 464 dzien, 0 100 464 whale
>>>>   Record name: _ntp._udp
>>>>   SRV record: 0 100 123 dzien, 0 100 123 rider, 0 100 123 whale, 0 100 123 swir
>>>>
>>>> thanks.
>>>> L.
>>>
>>> Hello,
>>> if server work5 is uninstalled, then work5 SRV records should be removed.
>>> Martin
>>
>> Martin, would you be able to suggest a way to troubleshoot that problem that one (only) server (rider) seems to present no data for the whole domain?
>> Remaining servers correctly respond to any queries.
>> One curious thing is that I $rndc trace 6; and (I see debug level changed in journalctl) I do not see anything in the logs when I query.
>> Zone allows any to query it.
>
> What dig @rider command returns for SRV queries?

don't mind SRV records for now, it returns no record at all, it forwards and caches but not for the domain itself.
on rider (suffice I point to other member server and records are there)

$ dig +qr any .xx.xx..xx.xx.x. @10.5.6.100

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.4 <<>> +qr any .xx.xx..xx.xx.x. @10.5.6.100
;; global options: +cmd
;; Sending:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36196
;; flags: rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;.xx.xx..xx.xx.x. IN ANY

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 36196
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;.xx.xx..xx.xx.x. IN ANY

;; AUTHORITY SECTION:
.xx.xx.x. 3600 IN SOA ipreg.xxx.xx.xx.x. hostmaster.xx.xx.x. 1478696070 1800 900 604800 3600

;; Query time: 5 msec
;; SERVER: 10.5.6.100#53(10.5.6.100)
;; WHEN: Wed Nov 09 12:56:16 GMT 2016
;; MSG SIZE rcvd: 120

I obfuscated FQDNs but it seems like it forwards to a parent domain (to which it's supposed, by dnsforwardzone)
And like I mentioned earlier, I do dnszone-find, etc. (on rider) it's all there.
Re: [Freeipa-users] SRV (mixed?) records
On 09.11.2016 12:15, lejeczek wrote:
> On 08/11/16 19:37, Martin Basti wrote:
>> On 08.11.2016 19:41, lejeczek wrote:
>>> hi everyone
>>> when I look at my domain I see something which seems inconsistent to me (eg. work5 is not part of the domain, was --uninstalled)
>>> Do these records need fixing?
>>> I'm asking because one of the servers, despite the fact the ipa dns related toolkit (on that server) shows zone & records, to dig/host/etc. presents nothing, empty responses!??
>>>
>>> $ ipa dnsrecord-find xx.xx.xx.xx.x.
>>>   Record name: @
>>>   NS record: swir.xx.xx.xx.xx.x., rider.xx.xx.xx.xx.x., dzien.xx.xx.xx.xx.x., whale.xx.xx.xx.xx.x.
>>>   Record name: _kerberos
>>>   TXT record: .xx.xx..xx.xx.x
>>>   Record name: _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs
>>>   SRV record: 0 100 88 rider, 0 100 88 work5
>>>   Record name: _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs
>>>   SRV record: 0 100 389 rider, 0 100 389 work5
>>>   Record name: _kerberos._udp.Default-First-Site-Name._sites.dc._msdcs
>>>   SRV record: 0 100 88 rider, 0 100 88 work5
>>>   Record name: _kerberos._tcp.dc._msdcs
>>>   SRV record: 0 100 88 rider, 0 100 88 work5
>>>   Record name: _ldap._tcp.dc._msdcs
>>>   SRV record: 0 100 389 rider, 0 100 389 work5
>>>   Record name: _kerberos._udp.dc._msdcs
>>>   SRV record: 0 100 88 rider, 0 100 88 work5
>>>   Record name: _kerberos._tcp
>>>   SRV record: 0 100 88 whale, 0 100 88 dzien, 0 100 88 rider, 0 100 88 swir
>>>   Record name: _kerberos-master._tcp
>>>   SRV record: 0 100 88 whale, 0 100 88 dzien, 0 100 88 rider, 0 100 88 swir
>>>   Record name: _kpasswd._tcp
>>>   SRV record: 0 100 464 rider, 0 100 464 swir, 0 100 464 dzien, 0 100 464 whale
>>>   Record name: _ldap._tcp
>>>   SRV record: 0 100 389 swir, 0 100 389 dzien, 0 100 389 whale, 0 100 389 rider
>>>   Record name: _kerberos._udp
>>>   SRV record: 0 100 88 whale, 0 100 88 dzien, 0 100 88 rider, 0 100 88 swir
>>>   Record name: _kerberos-master._udp
>>>   SRV record: 0 100 88 whale, 0 100 88 dzien, 0 100 88 rider, 0 100 88 swir
>>>   Record name: _kpasswd._udp
>>>   SRV record: 0 100 464 rider, 0 100 464 swir, 0 100 464 dzien, 0 100 464 whale
>>>   Record name: _ntp._udp
>>>   SRV record: 0 100 123 dzien, 0 100 123 rider, 0 100 123 whale, 0 100 123 swir
>>>
>>> thanks.
>>> L.
>>
>> Hello,
>> if server work5 is uninstalled, then work5 SRV records should be removed.
>> Martin
>
> Martin, would you be able to suggest a way to troubleshoot that problem that one (only) server (rider) seems to present no data for the whole domain?
> Remaining servers correctly respond to any queries.
> One curious thing is that I $rndc trace 6; and (I see debug level changed in journalctl) I do not see anything in the logs when I query.
> Zone allows any to query it.

What dig @rider command returns for SRV queries?
Re: [Freeipa-users] SRV (mixed?) records
On 08/11/16 19:37, Martin Basti wrote:
> On 08.11.2016 19:41, lejeczek wrote:
>> hi everyone
>> when I look at my domain I see something which seems inconsistent to me (eg. work5 is not part of the domain, was --uninstalled)
>> Do these records need fixing?
>> I'm asking because one of the servers, despite the fact the ipa dns related toolkit (on that server) shows zone & records, to dig/host/etc. presents nothing, empty responses!??
>>
>> $ ipa dnsrecord-find xx.xx.xx.xx.x.
>>   Record name: @
>>   NS record: swir.xx.xx.xx.xx.x., rider.xx.xx.xx.xx.x., dzien.xx.xx.xx.xx.x., whale.xx.xx.xx.xx.x.
>>   Record name: _kerberos
>>   TXT record: .xx.xx..xx.xx.x
>>   Record name: _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs
>>   SRV record: 0 100 88 rider, 0 100 88 work5
>>   Record name: _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs
>>   SRV record: 0 100 389 rider, 0 100 389 work5
>>   Record name: _kerberos._udp.Default-First-Site-Name._sites.dc._msdcs
>>   SRV record: 0 100 88 rider, 0 100 88 work5
>>   Record name: _kerberos._tcp.dc._msdcs
>>   SRV record: 0 100 88 rider, 0 100 88 work5
>>   Record name: _ldap._tcp.dc._msdcs
>>   SRV record: 0 100 389 rider, 0 100 389 work5
>>   Record name: _kerberos._udp.dc._msdcs
>>   SRV record: 0 100 88 rider, 0 100 88 work5
>>   Record name: _kerberos._tcp
>>   SRV record: 0 100 88 whale, 0 100 88 dzien, 0 100 88 rider, 0 100 88 swir
>>   Record name: _kerberos-master._tcp
>>   SRV record: 0 100 88 whale, 0 100 88 dzien, 0 100 88 rider, 0 100 88 swir
>>   Record name: _kpasswd._tcp
>>   SRV record: 0 100 464 rider, 0 100 464 swir, 0 100 464 dzien, 0 100 464 whale
>>   Record name: _ldap._tcp
>>   SRV record: 0 100 389 swir, 0 100 389 dzien, 0 100 389 whale, 0 100 389 rider
>>   Record name: _kerberos._udp
>>   SRV record: 0 100 88 whale, 0 100 88 dzien, 0 100 88 rider, 0 100 88 swir
>>   Record name: _kerberos-master._udp
>>   SRV record: 0 100 88 whale, 0 100 88 dzien, 0 100 88 rider, 0 100 88 swir
>>   Record name: _kpasswd._udp
>>   SRV record: 0 100 464 rider, 0 100 464 swir, 0 100 464 dzien, 0 100 464 whale
>>   Record name: _ntp._udp
>>   SRV record: 0 100 123 dzien, 0 100 123 rider, 0 100 123 whale, 0 100 123 swir
>>
>> thanks.
>> L.
>
> Hello,
> if server work5 is uninstalled, then work5 SRV records should be removed.
> Martin

Martin, would you be able to suggest a way to troubleshoot that problem that one (only) server (rider) seems to present no data for the whole domain?
Remaining servers correctly respond to any queries.
One curious thing is that I $rndc trace 6; and (I see debug level changed in journalctl) I do not see anything in the logs when I query.
Zone allows any to query it.
Re: [Freeipa-users] SRV (mixed?) records
On 08.11.2016 19:41, lejeczek wrote:
> hi everyone
> when I look at my domain I see something which seems inconsistent to me (eg. work5 is not part of the domain, was --uninstalled)
> Do these records need fixing?
> I'm asking because one of the servers, despite the fact the ipa dns related toolkit (on that server) shows zone & records, to dig/host/etc. presents nothing, empty responses!??
>
> $ ipa dnsrecord-find xx.xx.xx.xx.x.
>   Record name: @
>   NS record: swir.xx.xx.xx.xx.x., rider.xx.xx.xx.xx.x., dzien.xx.xx.xx.xx.x., whale.xx.xx.xx.xx.x.
>   Record name: _kerberos
>   TXT record: .xx.xx..xx.xx.x
>   Record name: _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs
>   SRV record: 0 100 88 rider, 0 100 88 work5
>   Record name: _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs
>   SRV record: 0 100 389 rider, 0 100 389 work5
>   Record name: _kerberos._udp.Default-First-Site-Name._sites.dc._msdcs
>   SRV record: 0 100 88 rider, 0 100 88 work5
>   Record name: _kerberos._tcp.dc._msdcs
>   SRV record: 0 100 88 rider, 0 100 88 work5
>   Record name: _ldap._tcp.dc._msdcs
>   SRV record: 0 100 389 rider, 0 100 389 work5
>   Record name: _kerberos._udp.dc._msdcs
>   SRV record: 0 100 88 rider, 0 100 88 work5
>   Record name: _kerberos._tcp
>   SRV record: 0 100 88 whale, 0 100 88 dzien, 0 100 88 rider, 0 100 88 swir
>   Record name: _kerberos-master._tcp
>   SRV record: 0 100 88 whale, 0 100 88 dzien, 0 100 88 rider, 0 100 88 swir
>   Record name: _kpasswd._tcp
>   SRV record: 0 100 464 rider, 0 100 464 swir, 0 100 464 dzien, 0 100 464 whale
>   Record name: _ldap._tcp
>   SRV record: 0 100 389 swir, 0 100 389 dzien, 0 100 389 whale, 0 100 389 rider
>   Record name: _kerberos._udp
>   SRV record: 0 100 88 whale, 0 100 88 dzien, 0 100 88 rider, 0 100 88 swir
>   Record name: _kerberos-master._udp
>   SRV record: 0 100 88 whale, 0 100 88 dzien, 0 100 88 rider, 0 100 88 swir
>   Record name: _kpasswd._udp
>   SRV record: 0 100 464 rider, 0 100 464 swir, 0 100 464 dzien, 0 100 464 whale
>   Record name: _ntp._udp
>   SRV record: 0 100 123 dzien, 0 100 123 rider, 0 100 123 whale, 0 100 123 swir
>
> thanks.
> L.

Hello,
if server work5 is uninstalled, then work5 SRV records should be removed.

Martin
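An added example, not part of the thread and not FreeIPA code: a small parser for `ipa dnsrecord-find` output, in the layout posted above, that lists SRV rdata whose target is not in an operator-supplied list of active servers. The sample is constructed from a subset of the posted records; the function names and the comparison on short host names are assumptions.

```python
import re

# Constructed sample: a subset of the `ipa dnsrecord-find` output posted in
# this thread (names as obfuscated by the poster), one field per line.
SAMPLE = """\
  Record name: @
  NS record: swir.xx.xx.xx.xx.x., rider.xx.xx.xx.xx.x., dzien.xx.xx.xx.xx.x., whale.xx.xx.xx.xx.x.
  Record name: _kerberos._tcp.dc._msdcs
  SRV record: 0 100 88 rider, 0 100 88 work5
  Record name: _ldap._tcp.dc._msdcs
  SRV record: 0 100 389 rider, 0 100 389 work5
  Record name: _kerberos._tcp
  SRV record: 0 100 88 whale, 0 100 88 dzien, 0 100 88 rider, 0 100 88 swir
  Record name: _ntp._udp
  SRV record: 0 100 123 dzien, 0 100 123 rider, 0 100 123 whale, 0 100 123 swir
"""

# Only the two fields needed here; NS/TXT lines are ignored.
FIELD = re.compile(r"^\s*(Record name|SRV record):\s*(.*)$")


def parse_srv(text):
    """Return {record name: [(priority, weight, port, target), ...]}."""
    records, name = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.groups()
        if key == "Record name":
            name = value.strip()
            continue
        for rdata in value.split(","):
            parts = rdata.split()
            well_formed = len(parts) == 4 and all(p.isdigit() for p in parts[:3])
            if name is None or not well_formed:
                continue  # skip malformed rdata rather than guess at it
            prio, weight, port, target = parts
            records.setdefault(name, []).append(
                (int(prio), int(weight), int(port), target))
    return records


def short(host):
    """First label, lower-cased (assumes server short names are unique)."""
    return host.lower().rstrip(".").split(".")[0]


def stale_srv(text, active_servers):
    """List (record name, rdata) pairs whose target is not an active server."""
    active = {short(s) for s in active_servers}
    return [(name, f"{p} {w} {port} {t}")
            for name, entries in parse_srv(text).items()
            for p, w, port, t in entries if short(t) not in active]
```

Each returned pair gives the record name and the exact SRV rdata that still points at a host outside the active list, which for the sample is the two `work5` entries under `_msdcs`.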
[Freeipa-users] SRV (mixed?) records
hi everyone
when I look at my domain I see something which seems inconsistent to me (eg. work5 is not part of the domain, was --uninstalled)
Do these records need fixing?
I'm asking because one of the servers, despite the fact the ipa dns related toolkit (on that server) shows zone & records, to dig/host/etc. presents nothing, empty responses!??

$ ipa dnsrecord-find xx.xx.xx.xx.x.
  Record name: @
  NS record: swir.xx.xx.xx.xx.x., rider.xx.xx.xx.xx.x., dzien.xx.xx.xx.xx.x., whale.xx.xx.xx.xx.x.
  Record name: _kerberos
  TXT record: .xx.xx..xx.xx.x
  Record name: _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs
  SRV record: 0 100 88 rider, 0 100 88 work5
  Record name: _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs
  SRV record: 0 100 389 rider, 0 100 389 work5
  Record name: _kerberos._udp.Default-First-Site-Name._sites.dc._msdcs
  SRV record: 0 100 88 rider, 0 100 88 work5
  Record name: _kerberos._tcp.dc._msdcs
  SRV record: 0 100 88 rider, 0 100 88 work5
  Record name: _ldap._tcp.dc._msdcs
  SRV record: 0 100 389 rider, 0 100 389 work5
  Record name: _kerberos._udp.dc._msdcs
  SRV record: 0 100 88 rider, 0 100 88 work5
  Record name: _kerberos._tcp
  SRV record: 0 100 88 whale, 0 100 88 dzien, 0 100 88 rider, 0 100 88 swir
  Record name: _kerberos-master._tcp
  SRV record: 0 100 88 whale, 0 100 88 dzien, 0 100 88 rider, 0 100 88 swir
  Record name: _kpasswd._tcp
  SRV record: 0 100 464 rider, 0 100 464 swir, 0 100 464 dzien, 0 100 464 whale
  Record name: _ldap._tcp
  SRV record: 0 100 389 swir, 0 100 389 dzien, 0 100 389 whale, 0 100 389 rider
  Record name: _kerberos._udp
  SRV record: 0 100 88 whale, 0 100 88 dzien, 0 100 88 rider, 0 100 88 swir
  Record name: _kerberos-master._udp
  SRV record: 0 100 88 whale, 0 100 88 dzien, 0 100 88 rider, 0 100 88 swir
  Record name: _kpasswd._udp
  SRV record: 0 100 464 rider, 0 100 464 swir, 0 100 464 dzien, 0 100 464 whale
  Record name: _ntp._udp
  SRV record: 0 100 123 dzien, 0 100 123 rider, 0 100 123 whale, 0 100 123 swir

thanks.
L.