FedoraForum.org - Fedora Support Forums and Community
  1. #1
    Join Date
    May 2018
    Location
    Chicago, IL
    Posts
    2

    FreeIPA DNS Resolving Issues

    Hello,

    I have 3 FreeIPA 4.5.0 servers set up. They are replicating CA and Domain. I have named-pkcs11 working on all 3 servers. The problem is when the first FreeIPA server that I set up is down or the named-pkcs11 service is down, none of the FreeIPA servers will resolve DNS queries.

    What I get when doing an nslookup against FreeIPA02 is:
    [root@chcgilfreeipa02 named]# tail -f /var/named/data/named.run | grep penturner
    03-May-2018 18:03:21.104 error (connection refused) resolving 'www.penturners.org/A/IN': 10.220.3.5#53
    03-May-2018 18:03:31.104 error (connection refused) resolving 'www.penturners.org/A/IN': 10.220.3.5#53

    FreeIPA02 is forwarding queries to FreeIPA01 instead of answering itself. How do I fix this?

    [root@chcgilfreeipa02 named]# ipa dnsconfig-show
    Global forwarders: 209.244.0.3, 205.171.3.65
    Forward policy: only
    IPA DNS servers: chcgilfreeipa01.example.prod, chcgilfreeipa02.example.prod, chcgilfreeipa03.example.prod, oakbilfreeipa01.example.prod,
    oakbilfreeipa02.example.prod, oakbilfreeipa03.example.prod

    [root@chcgilfreeipa02 named]# cat /etc/resolv.conf
    search example.prod
    nameserver 127.0.0.1

    Thanks for the help,

    Wes

  2. #2

    Re: FreeIPA DNS Resolving Issues

    OK, fixed it. I could not change what Forwarders the server used via the Web Interface; I needed to use CLI commands. Once I found those it was easy to fix.

    Original setup:
    chcgilfreeipa01.example.prod = 1.1.1.1
    chcgilfreeipa02.example.prod = 2.2.2.2
    chcgilfreeipa03.example.prod = 3.3.3.3
    Outside ISP DNS = 10.10.10.10 and 20.20.20.20

    -bash-4.2$ ipa dnsserver-find
    ---------------------
    3 DNS servers matched
    ---------------------
    Server name: chcgilfreeipa01.example.prod
    SOA mname override: chcgilfreeipa01.example.prod.
    Forwarders: 10.10.10.10, 20.20.20.20
    Forward policy: only

    Server name: chcgilfreeipa02.example.prod
    SOA mname override: chcgilfreeipa02.example.prod.
    Forwarders: 1.1.1.1
    Forward policy: only

    Server name: chcgilfreeipa03.example.prod
    SOA mname override: chcgilfreeipa03.example.prod.
    Forwarders: 1.1.1.1
    Forward policy: only
    ----------------------------
    Number of entries returned 3
    ----------------------------

    Fix:
    -bash-4.2$ ipa dnsserver-mod chcgilfreeipa03.example.prod --forwarder=10.10.10.10 --forwarder=20.20.20.20
    --------------------------------------------------
    Modified DNS server "chcgilfreeipa03.example.prod"
    --------------------------------------------------
    Server name: chcgilfreeipa03.example.prod
    SOA mname override: chcgilfreeipa03.example.prod.
    Forwarders: 10.10.10.10, 20.20.20.20
    Forward policy: only
    -bash-4.2$ ipa dnsserver-mod chcgilfreeipa02.example.prod --forwarder=10.10.10.10 --forwarder=20.20.20.20
    --------------------------------------------------
    Modified DNS server "chcgilfreeipa02.example.prod"
    --------------------------------------------------
    Server name: chcgilfreeipa02.example.prod
    SOA mname override: chcgilfreeipa02.example.prod.
    Forwarders: 10.10.10.10, 20.20.20.20
    Forward policy: only


    -bash-4.2$ ipa dnsserver-find
    ---------------------
    3 DNS servers matched
    ---------------------
    Server name: chcgilfreeipa01.example.prod
    SOA mname override: chcgilfreeipa01.example.prod.
    Forwarders: 10.10.10.10, 4.2.2.1
    Forward policy: only

    Server name: chcgilfreeipa02.example.prod
    SOA mname override: chcgilfreeipa02.example.prod.
    Forwarders: 10.10.10.10, 20.20.20.20
    Forward policy: only

    Server name: chcgilfreeipa03.example.prod
    SOA mname override: chcgilfreeipa03.example.prod.
    Forwarders: 10.10.10.10, 20.20.20.20
    Forward policy: only
    ----------------------------
    Number of entries returned 3
    ----------------------------

    I suspect I could change the Forward Policy to First and that may have used the Global Forwarders, but I prefer not to use Global Forwarders.

    Thanks,

    Wes
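
A check for the misconfiguration this thread ends up fixing, as an added example that is not part of the original posts: it reads `ipa dnsserver-find` output and reports any server whose forwarder is itself one of the IPA DNS servers, or that has only one forwarder. The names `audit_forwarders` and `sample_before` are hypothetical, and the sample listing is constructed from the "Original setup" values in the post.

```sh
# Added example: audit per-server forwarders in `ipa dnsserver-find` output.
# Usage: ipa dnsserver-find | audit_forwarders "1.1.1.1 2.2.2.2 3.3.3.3"
# $1 is a space-separated list of the IPA DNS servers' own addresses.
# Servers with no "Forwarders:" line at all are not reported.
audit_forwarders() {
  awk -v peers="$1" '
    BEGIN { n = split(peers, p, " "); for (i = 1; i <= n; i++) is_peer[p[i]] = 1 }
    /^[ \t]*Server name:/ { server = $NF }
    /^[ \t]*Forwarders:/ {
      line = $0
      sub(/^[ \t]*Forwarders:[ \t]*/, "", line)
      sub(/[ \t\r]+$/, "", line)
      count = split(line, f, /,[ \t]*/)
      # A replica that forwards to a peer stops resolving when that peer is down.
      for (i = 1; i <= count; i++)
        if (f[i] in is_peer)
          printf "%s: forwarder %s is another IPA DNS server\n", server, f[i]
      # With forward policy "only", a single forwarder is a single point of failure.
      if (count < 2)
        printf "%s: only %d forwarder configured\n", server, count
    }
  '
}

# Constructed sample: the listing shown under "Original setup" in the post.
sample_before() {
  cat <<'EOF'
  Server name: chcgilfreeipa01.example.prod
  SOA mname override: chcgilfreeipa01.example.prod.
  Forwarders: 10.10.10.10, 20.20.20.20
  Forward policy: only

  Server name: chcgilfreeipa02.example.prod
  SOA mname override: chcgilfreeipa02.example.prod.
  Forwarders: 1.1.1.1
  Forward policy: only

  Server name: chcgilfreeipa03.example.prod
  SOA mname override: chcgilfreeipa03.example.prod.
  Forwarders: 1.1.1.1
  Forward policy: only
EOF
}

# Stand-alone run against the constructed sample.
sample_before | audit_forwarders "1.1.1.1 2.2.2.2 3.3.3.3"
```

Empty output means every listed server forwards only to addresses outside the IPA server set and has at least two of them.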
