Hello! First of all, what version of FreeIPA do you use? FreeIPA 4.1.what?

On 9.3.2015 19:18, Matt Wells wrote:
> I'm getting some errors on a DNS Zone that I'm attempting to create.
> My systems reside within a sub-domain of example.com.
> (xyz.example.com)
> Of course example.com is the internet address, but I want to host the
> internal example.com so we're able to point to internal intranets and
> so on.
>
> So to the good stuff
> Regardless of what flags I give, what NS records I change, the NS
> never actually set. I know it's something silly that I'm overlooking
> but would really love other eyes.
>
> I go to create the zone on server2.
> [root@server2 html]# ipa dnszone-add example.com
> Zone name: example.com.
> Active zone: TRUE
> Authoritative nameserver: server2.xyz.example.com.

One important note: Field 'Authoritative nameserver' shows only the SOA MNAME value and is not related at all to NS records in the zone. Use

$ ipa dnsrecord-show example.com. @

to see NS records in the zone apex.

> Mar 09 18:03:51 server1.xyz.example.com named-pkcs11[23279]: zone
> example.com/IN: NS 'server2.xyz.example.com' has no address records (A
> or AAAA)
> Mar 09 18:03:51 server1.xyz.example.com named-pkcs11[23279]: zone
> example.com/IN: NS 'server1.xyz.example.com' has no address records (A
> or AAAA)
> Mar 09 18:03:51 server1.xyz.example.com named-pkcs11[23279]: zone
> example.com/IN: not loaded due to errors.
> Mar 09 18:03:51 server1.xyz.example.com named-pkcs11[23279]:
> update_zone (syncrepl) failed for
> 'idnsname=example.com.,cn=dns,dc=xyz,dc=example,dc=com'. Zones can be
> outdated, run `rndc reload`: bad zone

At this point we need to know more information:

a) You have to add glue records for names listed in example.com NS records.
It is not obvious if you did that or not:

$ ipa dnsrecord-add example.com server1.xyz --a-rec=192.0.2.1
$ ipa dnsrecord-add example.com server2.xyz --a-rec=192.0.2.2

b) If xyz.example.com is a sub-zone you have to add NS records/delegation for it (even if it is hosted on the same server!):

$ ipa dnsrecord-add example.com xyz --ns-rec=server1.xyz.example.com.
$ ipa dnsrecord-add example.com xyz --ns-rec=server2.xyz.example.com.

Do not forget to change names in NS records if the sub-zone is hosted on different servers.

I hope this helps.

Have a nice day!

-- 
Petr^2 Spacek

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
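As an added example that is not part of this thread or of FreeIPA, the small Python check below runs over constructed zone data and reproduces the two conditions from the reply: in-zone NS targets need glue (A/AAAA), and a sub-zone cut such as xyz.example.com needs NS records at the cut point. The record tuples and the `check_zone` function are assumptions for illustration, not FreeIPA or BIND code.

```python
# Constructed zone data modelled on the thread: example.com served by two
# hosts that live inside the sub-zone xyz.example.com.
from collections import defaultdict

def _fqdn(name):
    return name.rstrip(".") + "."

def check_zone(zone, records, subzones=()):
    """records: (owner, rtype, rdata) tuples, names as FQDNs.
    Returns a list of problems; an empty list means named would accept the
    zone as far as glue and delegation are concerned."""
    zone = _fqdn(zone)
    by_owner = defaultdict(lambda: defaultdict(set))
    for owner, rtype, rdata in records:
        rtype = rtype.upper()
        if rtype == "NS":
            rdata = _fqdn(rdata)
        by_owner[_fqdn(owner)][rtype].add(rdata)
    problems = []
    # (a) glue: every apex NS whose name is inside this zone must have A/AAAA,
    # otherwise named logs "NS '...' has no address records (A or AAAA)".
    for ns in sorted(by_owner[zone].get("NS", ())):
        if ns == zone or ns.endswith("." + zone):
            addrs = by_owner[ns].get("A", set()) | by_owner[ns].get("AAAA", set())
            if not addrs:
                problems.append(f"NS '{ns}' has no address records (A or AAAA)")
    # (b) delegation: each sub-zone cut needs NS records in the parent,
    # even when the same server hosts both zones.
    for sub in subzones:
        sub = _fqdn(sub)
        if not by_owner[sub].get("NS"):
            problems.append(f"sub-zone '{sub}' has no NS delegation in '{zone}'")
    return problems

# Zone as created by "ipa dnszone-add example.com" with both NS added but
# no glue and no delegation (constructed, mirrors the log lines in the thread).
BROKEN = [
    ("example.com.", "SOA", "server2.xyz.example.com."),
    ("example.com.", "NS", "server1.xyz.example.com."),
    ("example.com.", "NS", "server2.xyz.example.com."),
]
# Same zone after the four dnsrecord-add commands from the reply.
FIXED = BROKEN + [
    ("server1.xyz.example.com.", "A", "192.0.2.1"),
    ("server2.xyz.example.com.", "A", "192.0.2.2"),
    ("xyz.example.com.", "NS", "server1.xyz.example.com."),
    ("xyz.example.com.", "NS", "server2.xyz.example.com."),
]
```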
