Hey All,
I've 4 NS servers:
ipa01.unix.dom.name 192.168.0.44
ipa02.unix.dom.name 192.168.0.45
and remote ones (Just simple named / DNS )
dns01.d01.unix.dom.name 192.168.0.130
dns02.d01.unix.dom.name 192.168.0.132
When using:
1) ipa dnsforwardzone-add d01.unix.dom.name --forwarder=192.168.0.130 --forwarder=192.168.0.132 --forward-policy=only
2) ipa dnsrecord-add unix.dom.name. d01 --ns-rec=d01.unix.dom.name.
I'm greeted with:
ipa: ERROR: Nameserver 'd01.unix.dom.name.' does not have a corresponding A/AAAA record
So I can add an A record on the IPA servers but perhaps this is looking for the A record on the forwarding DNS servers 192.168.0.130 and 192.168.0.132?
If I'm adding it on the IPA side then I'll add d01 with two IP addresses too? Doesn't seem to make sense. I just need to forward on d01. I'm forwarding the whole subzone.
What I have is:
ipa-common-4.5.0-22.el7.centos.noarch
python2-ipaclient-4.5.0-22.el7.centos.noarch
python-ipaddress-1.0.16-2.el7.noarch
ipa-client-common-4.5.0-22.el7.centos.noarch
python-iniparse-0.4-9.el7.noarch
ipa-server-common-4.5.0-22.el7.centos.noarch
ipa-server-dns-4.5.0-22.el7.centos.noarch
python-libipa_hbac-1.15.2-50.el7_4.8.x86_64
libipa_hbac-1.15.2-50.el7_4.8.x86_64
python2-ipaserver-4.5.0-22.el7.centos.noarch
sssd-ipa-1.15.2-50.el7_4.8.x86_64
ipa-client-4.5.0-22.el7.centos.x86_64
ipa-python-compat-4.5.0-22.el7.centos.noarch
ipa-server-trust-ad-4.5.0-22.el7.centos.x86_64
python2-ipalib-4.5.0-22.el7.centos.noarch
ipa-server-4.5.0-22.el7.centos.x86_64
Please disregard ( blame lack of sleep - :) ). On further reading I needed dns01.d01 A record set to IP 192.168.0.130 then a dns01 NS record set to dns01.d01 .
https://www.freeipa.org/page/Troubleshooting/DNS#Forward_zone_does_not_work
freeipa-users@lists.fedorahosted.org
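
Added example, not part of the original thread and not FreeIPA code: a small Python check of the rule stated in the error message above, that every NS target in a delegation needs an A/AAAA record. It works on an in-memory record list instead of live DNS; the function names are hypothetical, the records are constructed from the names and addresses in the post, and placing the NS records on the owner "d01" is an assumption taken from the original command.

```python
"""Added example: list NS targets that have no A/AAAA record."""
from collections import defaultdict

ZONE = "unix.dom.name."  # parent zone from the post


def fqdn(name, zone=ZONE):
    """Expand a relative name to an absolute, lower-case FQDN."""
    name = name.strip().lower()
    if name == "@":
        return zone
    return name if name.endswith(".") else f"{name}.{zone}"


def index_records(records, zone=ZONE):
    """Group (owner, rtype, value) tuples as {owner_fqdn: {rtype: [values]}}."""
    idx = defaultdict(lambda: defaultdict(list))
    for owner, rtype, value in records:
        idx[fqdn(owner, zone)][rtype.upper()].append(value)
    return idx


def ns_without_address(records, zone=ZONE):
    """Return sorted (delegated_name, ns_target) pairs lacking A/AAAA."""
    idx = index_records(records, zone)
    missing = []
    for owner, rrsets in idx.items():
        for target in rrsets.get("NS", []):
            target_fqdn = fqdn(target, zone)
            # .get() avoids creating keys in the defaultdict while iterating
            addrs = idx.get(target_fqdn, {})
            if not (addrs.get("A") or addrs.get("AAAA")):
                missing.append((owner, target_fqdn))
    return sorted(missing)


# Constructed sample 1: the NS record from command 2) in the post.
FAILING = [("d01", "NS", "d01.unix.dom.name.")]

# Constructed sample 2: address records for the remote servers, then NS.
WORKING = [
    ("dns01.d01", "A", "192.168.0.130"),
    ("dns02.d01", "A", "192.168.0.132"),
    ("d01", "NS", "dns01.d01"),
    ("d01", "NS", "dns02.d01.unix.dom.name."),
]

if __name__ == "__main__":
    for label, recs in (("failing", FAILING), ("working", WORKING)):
        print(label, ns_without_address(recs))
```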