Any other ideas? I just spun up a new VM and took the defaults on everything while running ipa-server-install (the defaults did make sense) and my new VM can't resolve -anything- in the domain in which it lives. The "old" VM (running the same versions of everything on the same OS) can't even resolve the clients I have registered with it!
So I'm pretty frustrated and am wondering, what _exactly_ is the role of bind in the IPA server and how is it expected to know anything about the local DNS domain without becoming a bind slave server? Thanks.

On Tue, Dec 2, 2014 at 11:58 AM, Petr Spacek <[email protected]> wrote:
> On 2.12.2014 17:36, Martin Basti wrote:
> > On 02/12/14 17:28, Matthew Herzog wrote:
> >> I just realized that my IPA servers cannot resolve ANY servers in my domain.
> >> What do I need to do to fix this? Below is my named.conf.
> >>
> >>
> >> options {
> >>     // turns on IPv6 for port 53, IPv4 is on by default for all ifaces
> >>     listen-on-v6 {any;};
> >>
> >>     // Put files that named is allowed to write in the data/ directory:
> >>     directory "/var/named"; // the default
> >>     dump-file "data/cache_dump.db";
> >>     statistics-file "data/named_stats.txt";
> >>     memstatistics-file "data/named_mem_stats.txt";
> >>
> >>     forward first;
> >>     forwarders {
> >>         10.100.8.41;
> >>         10.100.8.40;
> >>         10.100.4.13;
> >>         10.100.4.14;
> >>         10.100.4.19;
> >>         10.100.4.44;
> >>     };
> >>
> >>     // Any host is permitted to issue recursive queries
> >>     allow-recursion { any; };
> >>
> >>     tkey-gssapi-keytab "/etc/named.keytab";
> >>     pid-file "/run/named/named.pid";
> >> };
> >>
> >> /* If you want to enable debugging, eg. using the 'rndc trace' command,
> >>  * By default, SELinux policy does not allow named to modify the /var/named directory,
> >>  * so put the default debug log file in data/ :
> >>  */
> >> logging {
> >>     channel default_debug {
> >>         file "data/named.run";
> >>         severity dynamic;
> >>         print-time yes;
> >>     };
> >> };
> >> };
> >>
> >> zone "." IN {
> >>     type hint;
> >>     file "named.ca";
> >> };
> >>
> >> include "/etc/named.rfc1912.zones";
> >>
> >> dynamic-db "ipa" {
> >>     library "ldap.so";
> >>     arg "uri ldapi://%2fvar%2frun%2fslapd-BO3-E-BOZO-COM.socket";
> >>     arg "base cn=dns, dc=bo3,dc=e-bozo,dc=com";
> >>     arg "fake_mname freeipa-poc01.bo3.e-bozo.com.";
> >>     arg "auth_method sasl";
> >>     arg "sasl_mech GSSAPI";
> >>     arg "sasl_user DNS/freeipa-poc01.bo3.e-bozo.com";
> >>     arg "serial_autoincrement yes";
> >> };
> >>
> >>
> >>
> >>
> > Hello,
> >
> > Which version of IPA do you use? Which platform? Which version of bind-dyndb-ldap?
> >
> > Can you run these commands, and check if there are any errors?
> > ipactl status
> > systemctl status named (respectively journalctl -u named)
>
> We also may want to see information listed on page
> https://fedorahosted.org/bind-dyndb-ldap/wiki/BugReporting
>
> --
> Petr^2 Spacek
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go To http://freeipa.org for more info on the project
>

--
If life gives you melons, you may be dyslexic.
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
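Added example, not code from the thread or from the FreeIPA/bind-dyndb-ldap projects: a small Python checker for a named.conf of the shape quoted above. It pulls out the settings that decide where this named sends queries (forward policy, forwarders, allow-recursion, whether the bind-dyndb-ldap "ipa" backend that serves the LDAP-stored zones is loaded) and counts braces; the sample config is constructed, and in the file as quoted the logging block is followed by three closing braces, which the brace check would report.

```python
import re

# Constructed sample mirroring the shape of the named.conf quoted in the thread
# (forwarders, open recursion, dynamic-db "ipa"); it is not the poster's file.
SAMPLE_NAMED_CONF = """
options {
    // turns on IPv6 for port 53
    listen-on-v6 {any;};
    directory "/var/named"; // the default
    forward first;
    forwarders { 10.100.8.41; 10.100.8.40; };
    allow-recursion { any; };
    tkey-gssapi-keytab "/etc/named.keytab";
};
/* debugging channel */
logging {
    channel default_debug { file "data/named.run"; severity dynamic; };
};
};
zone "." IN { type hint; file "named.ca"; };
dynamic-db "ipa" {
    library "ldap.so";
    arg "uri ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket";
    arg "auth_method sasl";
};
"""

def strip_comments(text):
    # Keep quoted strings intact (ldapi:// lives inside one); drop /* */, // and # comments.
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r'"[^"]*"|//[^\n]*|#[^\n]*', lambda m: m.group(0) if m.group(0).startswith('"') else "", text)

def audit_named_conf(text):
    # Extract the resolution-relevant settings and collect findings for a reviewer.
    src = strip_comments(text)
    r = {"findings": [], "brace_balance": src.count("{") - src.count("}")}
    if r["brace_balance"] != 0:
        r["findings"].append("unbalanced braces: named will refuse to load the file")
    m = re.search(r"\bforward\s+(first|only)\s*;", src)
    r["forward"] = m.group(1) if m else None  # "first" falls back to own recursion
    m = re.search(r"forwarders\s*\{([^}]*)\}", src)
    r["forwarders"] = re.findall(r"[0-9a-fA-F:.]+", m.group(1)) if m else []
    m = re.search(r"allow-recursion\s*\{([^}]*)\}", src)
    r["allow_recursion"] = [a.strip() for a in m.group(1).split(";") if a.strip()] if m else []
    if "any" in r["allow_recursion"]:
        r["findings"].append("allow-recursion { any; }: open resolver if reachable from untrusted networks")
    r["ipa_backend"] = bool(re.search(r'dynamic-db\s+"ipa"\s*\{', src))
    return r
```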
