So for the last week I've been having trouble with my DNS. It is not working as 
expected and is giving me all sorts of headaches. I have 4 IPA servers and 4 
clients. This is a test env for evaluation purposes and I want to move to 
production later on. My problem, however, is DNS. I'm on RHEL 9.1 and my FreeIPA 
version is 4.10.0.

[lessfoobar@mserver001p ~]$ ipa dns-update-system-records 
  IPA DNS records:
    _kerberos-master._tcp.test.domain.com. 3600 IN SRV 0 100 88 mserver001p.test.domain.com.
    _kerberos-master._tcp.test.domain.com. 3600 IN SRV 0 100 88 rserver001p.test.domain.com.
    _kerberos-master._tcp.test.domain.com. 3600 IN SRV 0 100 88 rserver002p.test.domain.com.
    _kerberos-master._tcp.test.domain.com. 3600 IN SRV 0 100 88 rserver003p.test.domain.com.
    _kerberos-master._udp.test.domain.com. 3600 IN SRV 0 100 88 mserver001p.test.domain.com.
    _kerberos-master._udp.test.domain.com. 3600 IN SRV 0 100 88 rserver001p.test.domain.com.
    _kerberos-master._udp.test.domain.com. 3600 IN SRV 0 100 88 rserver002p.test.domain.com.
    _kerberos-master._udp.test.domain.com. 3600 IN SRV 0 100 88 rserver003p.test.domain.com.
    _kerberos._tcp.test.domain.com. 3600 IN SRV 0 100 88 mserver001p.test.domain.com.
    _kerberos._tcp.test.domain.com. 3600 IN SRV 0 100 88 rserver001p.test.domain.com.
    _kerberos._tcp.test.domain.com. 3600 IN SRV 0 100 88 rserver002p.test.domain.com.
    _kerberos._tcp.test.domain.com. 3600 IN SRV 0 100 88 rserver003p.test.domain.com.
    _kerberos._udp.test.domain.com. 3600 IN SRV 0 100 88 mserver001p.test.domain.com.
    _kerberos._udp.test.domain.com. 3600 IN SRV 0 100 88 rserver001p.test.domain.com.
    _kerberos._udp.test.domain.com. 3600 IN SRV 0 100 88 rserver002p.test.domain.com.
    _kerberos._udp.test.domain.com. 3600 IN SRV 0 100 88 rserver003p.test.domain.com.
    _kerberos.test.domain.com. 3600 IN TXT "TEST.DOMAIN.COM"
    _kerberos.test.domain.com. 3600 IN URI 0 100 "krb5srv:m:tcp:mserver001p.test.domain.com."
    _kerberos.test.domain.com. 3600 IN URI 0 100 "krb5srv:m:tcp:rserver001p.test.domain.com."
    _kerberos.test.domain.com. 3600 IN URI 0 100 "krb5srv:m:tcp:rserver002p.test.domain.com."
    _kerberos.test.domain.com. 3600 IN URI 0 100 "krb5srv:m:tcp:rserver003p.test.domain.com."
    _kerberos.test.domain.com. 3600 IN URI 0 100 "krb5srv:m:udp:mserver001p.test.domain.com."
    _kerberos.test.domain.com. 3600 IN URI 0 100 "krb5srv:m:udp:rserver001p.test.domain.com."
    _kerberos.test.domain.com. 3600 IN URI 0 100 "krb5srv:m:udp:rserver002p.test.domain.com."
    _kerberos.test.domain.com. 3600 IN URI 0 100 "krb5srv:m:udp:rserver003p.test.domain.com."
    _kpasswd._tcp.test.domain.com. 3600 IN SRV 0 100 464 mserver001p.test.domain.com.
    _kpasswd._tcp.test.domain.com. 3600 IN SRV 0 100 464 rserver001p.test.domain.com.
    _kpasswd._tcp.test.domain.com. 3600 IN SRV 0 100 464 rserver002p.test.domain.com.
    _kpasswd._tcp.test.domain.com. 3600 IN SRV 0 100 464 rserver003p.test.domain.com.
    _kpasswd._udp.test.domain.com. 3600 IN SRV 0 100 464 mserver001p.test.domain.com.
    _kpasswd._udp.test.domain.com. 3600 IN SRV 0 100 464 rserver001p.test.domain.com.
    _kpasswd._udp.test.domain.com. 3600 IN SRV 0 100 464 rserver002p.test.domain.com.
    _kpasswd._udp.test.domain.com. 3600 IN SRV 0 100 464 rserver003p.test.domain.com.
    _kpasswd.test.domain.com. 3600 IN URI 0 100 "krb5srv:m:tcp:mserver001p.test.domain.com."
    _kpasswd.test.domain.com. 3600 IN URI 0 100 "krb5srv:m:tcp:rserver001p.test.domain.com."
    _kpasswd.test.domain.com. 3600 IN URI 0 100 "krb5srv:m:tcp:rserver002p.test.domain.com."
    _kpasswd.test.domain.com. 3600 IN URI 0 100 "krb5srv:m:tcp:rserver003p.test.domain.com."
    _kpasswd.test.domain.com. 3600 IN URI 0 100 "krb5srv:m:udp:mserver001p.test.domain.com."
    _kpasswd.test.domain.com. 3600 IN URI 0 100 "krb5srv:m:udp:rserver001p.test.domain.com."
    _kpasswd.test.domain.com. 3600 IN URI 0 100 "krb5srv:m:udp:rserver002p.test.domain.com."
    _kpasswd.test.domain.com. 3600 IN URI 0 100 "krb5srv:m:udp:rserver003p.test.domain.com."
    _ldap._tcp.test.domain.com. 3600 IN SRV 0 100 389 mserver001p.test.domain.com.
    _ldap._tcp.test.domain.com. 3600 IN SRV 0 100 389 rserver001p.test.domain.com.
    _ldap._tcp.test.domain.com. 3600 IN SRV 0 100 389 rserver002p.test.domain.com.
    _ldap._tcp.test.domain.com. 3600 IN SRV 0 100 389 rserver003p.test.domain.com.
    ipa-ca.test.domain.com. 3600 IN A 192.168.0.21

[lessfoobar@mserver001p ~]$ sudo ipa dnsconfig-show
[sudo] password for lessfoobar: 
---------------------------------
Global DNS configuration is empty
---------------------------------
  IPA DNS servers: mserver001p.test.domain.com, rserver001p.test.domain.com,
                   rserver002p.test.domain.com, rserver003p.test.domain.com
[lessfoobar@mserver001p ~]$ sudo ipa dns-server-show
ipa: ERROR: unknown command 'dns-server-show'
[lessfoobar@mserver001p ~]$ sudo ipa dnsserver-show
Server name: mserver001p.test.domain.com
  Server name: mserver001p.test.domain.com
  SOA mname override: mserver001p.test.domain.com.
  Forward policy: none
[lessfoobar@mserver001p ~]$ sudo ipa dnsserver-show rserver001p.test.domain.com
  Server name: rserver001p.test.domain.com
  SOA mname override: rserver001p.test.domain.com.
  Forwarders: 192.168.0.21
  Forward policy: first
[lessfoobar@mserver001p ~]$ sudo ipa dnsserver-show rserver003p.test.domain.com
  Server name: rserver003p.test.domain.com
  SOA mname override: rserver003p.test.domain.com.
  Forwarders: 192.168.0.21
  Forward policy: first
[lessfoobar@mserver001p ~]$ sudo ipa dnsserver-show rserver002p.test.domain.com
  Server name: rserver002p.test.domain.com
  SOA mname override: rserver002p.test.domain.com.
  Forwarders: 192.168.0.21
  Forward policy: first

[lessfoobar@mserver001p ~]$ sudo ipa dnsrecord-show int.domain.com
Record name: rserver001p
  Record name: rserver001p
  A record: 192.168.0.22
  SSHFP record: REDACTED
[lessfoobar@mserver001p ~]$ host 192.168.0.22
Host 22.0.168.192.in-addr.arpa. not found: 3(NXDOMAIN)
[lessfoobar@mserver001p ~]$ host rserver001p.test.domain.com
Host rserver001p.test.domain.com not found: 2(SERVFAIL)

I'd be more than appreciative if someone lets me know what I'm doing wrong. 

PS: something else that I've noticed is that SELinux is complaining because of 
ns-slapd.

SELinux access control errors
SELinux is preventing /usr/bin/pk12util from getattr access on the sock_file /run/pcscd/pcscd.comm.    96
SELinux is preventing /usr/sbin/ns-slapd from getattr access on the directory /var/crash.    8
SELinux is preventing /usr/sbin/ns-slapd from getattr access on the directory /sys/fs/fuse/connections.    22
SELinux is preventing /usr/sbin/ns-slapd from getattr access on the directory /sys/kernel/config.    22
SELinux is preventing /usr/sbin/ns-slapd from getattr access on the directory /boot/efi.    22
SELinux is preventing /usr/sbin/ns-slapd from getattr access on the directory /sys/fs/pstore.    22
SELinux is preventing /usr/sbin/ns-slapd from getattr access on the directory /sys/firmware/efi/efivars.    22
SELinux is preventing /usr/sbin/ns-slapd from getattr access on the directory /sys/fs/bpf.    22
SELinux is preventing /usr/sbin/ns-slapd from getattr access on the directory /sys/kernel/tracing.    22
SELinux is preventing /usr/bin/qemu-ga from read access on the directory /var/crash.    18