Yes, I want to delete the zone. I tried a few ways, none worked so far.
On Thu, Aug 19, 2021 at 5:15 PM Rob Crittenden <[email protected]> wrote:
> Kathy Zhu via FreeIPA-users wrote:
> > Hi List,
> >
> > When I run ipa-healthcheck on all of our ipa servers, they all reported
> > following:
> >
> > [root@ipa0 ~]# ipa-healthcheck --failures-only --output-type human
> >
> > ERROR:
> >
> ipahealthcheck.ds.replication.ReplicationConflictCheck.idnsname=1.1.10.in-addr.arpa.,cn=dns,dc=example,dc=com:
> > Replication conflict
> >
> > [root@ipa0 ~]#
> >
> > [root@ipa0 ~]# ipa-healthcheck --failures-only
> >
> > [
> >
> > {
> >
> > "source": "ipahealthcheck.ds.replication",
> >
> > "kw": {
> >
> > "msg": "Replication conflict",
> >
> > "glue": true,
> >
> > "conflict": "deletedEntryHasChildren",
> >
> > "key": "idnsname=1.1.10.in-addr.arpa.,cn=dns,dc=example,dc=com"
> >
> > },
> >
> > "uuid": "3027f742-4b7b-4a20-9650-a5a030699480",
> >
> > "duration": "0.002318",
> >
> > "when": "20210819234114Z",
> >
> > "check": "ReplicationConflictCheck",
> >
> > "result": "ERROR"
> >
> > }
> >
> > ]
> >
> > [root@ipa0 ~]#
> >
> > [root@ipa0 ~]# ipa dnsrecord-find 1.1.10.in-addr.arpa.
> > --sizelimit=99999 --all --structured
> >
> > dn: idnsname=1.1.10.in-addr.arpa.,cn=dns,dc=example,dc=com
> >
> > Record name: @
> >
> > Records:
> >
> > Record type: NS
> >
> > Record data: ipa1.example.com <http://ipa1.example.com>.
> >
> > NS Hostname: ipa1.example.com <http://ipa1.example.com>.
> >
> > idnsallowdynupdate: TRUE
> >
> > idnsallowquery: any;
> >
> > idnsallowtransfer: none;
> >
> > idnssoaexpire: 1209600
> >
> > idnssoaminimum: 3600
> >
> > idnssoamname: ipa0.example.com <http://ipa0.example.com>.
> >
> > idnssoarefresh: 3600
> >
> > idnssoaretry: 900
> >
> > idnssoarname: hostmaster
> >
> > idnssoaserial: 1629023582
> >
> > idnsupdatepolicy: grant EXAMPLE.COM <http://EXAMPLE.COM>
> > krb5-subdomain 1.1.10.in-addr.arpa. PTR; grant dhcp-key wildcard * ANY;
> >
> > idnszoneactive: FALSE
> >
> > objectclass: top, idnsrecord, idnszone, glue, extensibleobject
> >
> > ----------------------------
> >
> > Number of entries returned 1
> >
> > ----------------------------
> >
> > [root@ipa0 ~]#
> >
> >
> > Notice above, glue is true! After googling, I found following:
> >
> >
> >
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/identity_management_guide/ipa-replica-manage#Solving_Orphan_Entry_Conflicts
>
> >
> >
> >
> https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/html/administration_guide/managing_replication-solving_common_replication_conflicts#Solving_Common_Replication_Conflicts-Solving_Orphan_Entry_Conflicts
> >
> >
> > The explanation made sense to me. However, I do not know what happened
> > to get us into this situation.
> >
> >
> > A good zone displays objectclass like this:
> >
> >
> > objectclass: top, idnsrecord, idnszone
> >
> >
> >
> > Note, no "glue, extensibleobject" there.
> >
> >
> > This zone can not be deleted since "Not allowed on non-leaf entry". Any
> > ideas to delete this zone?
>
> Do you want to delete the zone?
>
> rob
>
>
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
