Hi, I am having an issue with forward first not appearing to work. I have two separate IPA servers that serve separate realms. For the reverse zone, I have configured forwarders to point to the other realm's IPA server. All versions are identical on the IPA servers. I have included details on versions and tests that show this is not working.

$ yum list installed |grep bind-dyndb-ldap
bind-dyndb-ldap.x86_64      3.5-4.el7                   @base
$ yum list installed |grep ipa
ipa-admintools.x86_64       3.3.3-28.0.1.el7.centos.3   @updates
ipa-client.x86_64           3.3.3-28.0.1.el7.centos.3   @updates
ipa-python.x86_64           3.3.3-28.0.1.el7.centos.3   @updates
ipa-server.x86_64           3.3.3-28.0.1.el7.centos.3   @updates
libipa_hbac.x86_64          1.11.2-68.el7_0.6           @updates
libipa_hbac-python.x86_64   1.11.2-68.el7_0.6           @updates
python-iniparse.noarch      0.4-9.el7                   @anaconda
sssd-ipa.x86_64

BELOW IS WITH FORWARDING DISABLED. It cannot find 10.1.0.9 but can find 10.1.20.9. This is expected as this server only has the 10.1.20.9 record.

$ nslookup
> server 10.1.20.9
Default server: 10.1.20.9
Address: 10.1.20.9#53
> 10.1.20.9
Server: 10.1.20.9
Address: 10.1.20.9#53

9.20.1.10.in-addr.arpa name = prd-ops-ipa01.uzb.local.
> 10.1.0.9
Server: 10.1.20.9
Address: 10.1.20.9#53

** server can't find 9.0.1.10.in-addr.arpa.: NXDOMAIN

BELOW IS WITH FORWARDING ENABLED. It cannot find 10.1.20.9 but can find 10.1.0.9. This is expected as the forwarding server only has the 10.1.0.9 record.

> 10.1.20.9
Server: 10.1.20.9
Address: 10.1.20.9#53

** server can't find 9.20.1.10.in-addr.arpa.: NXDOMAIN
> 10.1.0.9
Server: 10.1.20.9
Address: 10.1.20.9#53

Non-authoritative answer:
9.0.1.10.in-addr.arpa name = ops-ipa01.bbf.local.

Authoritative answers can be found from:
1.10.in-addr.arpa nameserver = ops-ipa01.bbf.local.

BELOW IS WITH FORWARD FIRST ENABLED. It cannot find 10.1.20.9 but can find 10.1.0.9. This is unexpected as the local zone has the 10.1.20.9 and the forward server has the 10.1.0.9 so we should be getting both.

> 10.1.20.9
Server: 10.1.20.9
Address: 10.1.20.9#53

** server can't find 9.20.1.10.in-addr.arpa.: NXDOMAIN
> 10.1.0.9
Server: 10.1.20.9
Address: 10.1.20.9#53

Non-authoritative answer:
9.0.1.10.in-addr.arpa name = ops-ipa01.bbf.local.

Authoritative answers can be found from:
1.10.in-addr.arpa nameserver = ops-ipa01.bbf.local.
ops-ipa01.bbf.local internet address = 10.1.0.9

Any help is greatly appreciated.

Thanks,
Shaun

Shaun Martin
IT\OPS Manager
Black Duck Software