[Freeipa-users] Re: IPA Hosts do not follow DNS rules, unable to reach AD DNS zone, adding IPA domain suffix to DNS request

Mon, 16 Dec 2024 00:22:17 -0800 

On Пан, 16 сне 2024, Chmatos . via FreeIPA-users wrote:

Hello Alexander,
thank you, yes you are right Iam using systemd-resolved. Strange why
clients asking of IPA servers not directly DNS servers. It look like
clients dont recognize differences between mydomain.local and
lnxmydomain.local

/etc/resolv.conf:
nameserver 127.0.0.53
options edns0 trust-ad
search lnxmydomain.local reddog.microsoft.com

systemd-analyze cat-config systemd/resolved.conf:
[Resolve]
# Some examples of DNS servers which may be used for DNS= and FallbackDNS=:
# Cloudflare: 1.1.1.1#cloudflare-dns.com 1.0.0.1#cloudflare-dns.com 
2606:4700:4700::1111#cloudflare-dns.com 2606:4700:4700::1001#cloudflare-dns.com
# Google:     8.8.8.8#dns.google 8.8.4.4#dns.google 
2001:4860:4860::8888#dns.google 2001:4860:4860::8844#dns.google
# Quad9:      9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 
2620:fe::fe#dns.quad9.net 2620:fe::9#dns.quad9.net
DNS=192.168.4.53 192.168.149.53 192.168.2.53
#FallbackDNS=
Domains=lnxmydomain.local
#DNSSEC=no
#DNSOverTLS=no
#MulticastDNS=no
#LLMNR=no
#Cache=no-negative
#CacheFromLocalhost=no
#DNSStubListener=yes
#DNSStubListenerExtra=
#ReadEtcHosts=yes
#ResolveUnicastSingleLabel=no
#StaleRetentionSec=0


Thanks. So you need to debug systemd-resolved.

To make turn on debug logging for systemd-resolved use: "systemctl edit 
systemd-resolved", then add there:

[Service]
Environment=SYSTEMD_LOG_LEVEL=debug

Then issue "systemctl restart systemd-resolved".

And retry the search, the debug output of systemd-resolved will be in
the system journal.

--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland

--
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Reply via email to