Am Freitag, 10. Juni 2016, 15:26:39 CEST schrieb Petr Spacek: > On 10.6.2016 14:21, Günther J. Niederwimmer wrote: > > Hello, > > > > Am Freitag, 10. Juni 2016, 10:12:50 CEST schrieb Martin Basti: > >> On 10.06.2016 09:09, Günther J. Niederwimmer wrote: > >>> Hello, > >>> > >>> can any help me to clear a question for DNSSEC, NSEC3 > >>> > >>> I have a domain created with bind and DNSSEC and NSEC3 I test this > >>> Domain > >>> and other, not my Domain with > >>> > >>> http://dnsviz.net/d/esslmaier.at/dnssec/ > >>> > >>> This site from Verisign tell me, I have all Secure and also the A, AAAA > >>> Records > >>> > >>> FreeIPA 4.3.1 Centos 7.2 > > > > I mean with the FreeIPA 4.2 I have A or AAAA Records but one from the list > > tell me 4.3.1 is the better version for DNSSEC ? > > > >>> But when I test my IPA created domain > >>> http://dnsviz.net/d/4gjn.com/dnssec/ > >>> > >>> I miss the A, AAAA Records > >>> > >>> can this be correct ? > >>> > >>> Thanks for a answer > >> > >> Hello, > >> do you have configured A and AAAA records in zone apex of '4gjn.com'? > > > > Yes I have configured A AAAA Records, but something is wrong with the Zone > > File ? when I look on my secondary DNS this is a PDNS then I found total > > different entry for esslmaier.at and my 4gjn.com. > > > >> I can `dig +dnssec ipa.4gjn.com. A` with DNSSEC results but for `dig > >> +dnssec 4gjn.com. A` , it looks like there is no A/AAAA records. > > > > Yes I wrote this before but I have no answer, what I can do :-(. > > > >> Can you provide output of the `ipa dnsrecord-show 4gjn.com. @` ? > > > > this is all !!! > > > > [root@ipa ~]# ipa dnsrecord-show 4gjn.com. @ > > > > Datensatzname: @ > > MX record: 10 smtp.4gjn.com. > > NS record: dns.esslmaier.at., ipa.4gjn.com., ns1.ns71.net., > > > > ns1.gratisdns.dk. > > > > TXT record: "v=spf1 mx ip4:89.26.108.213 ip4:89.26.108.0/28 ip6:2001:470:6f: > > 8f1::223 > > > > ip6:2001:470:6f:8f1::/64 ?include:gjn.priv.at -all" > > > > ipa dnsrecord-show 4gjn.com. AAAA > > > > ipa: ERROR: AAAA: DNS resource record nicht gefunden > > > > Is this a LDAP Problem ? > > Apparently you do not have any A/AAAA records defined in IPA. Add some and > you will see :-)
NO ;-( I have configurede all my server with A and AAAA Records ? > Speaking of IPA versions, yes, latest IPA 4.3.2 is the best you can get for > DNSSEC. There is many bugs in older versions. I have IPA 4.3.1, I mean you tell me this with the Bugs, but I can't found 4.3.2 I have this Repo group_freeipa-freeipa-4-3-centos-7-epel-7.repo -- mit freundlichen Grüßen / best regards, Günther J. Niederwimmer -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
