I am trying to migrate to CentOS 8 in my home lab. And I have gotten FreeIPA installed. However, I am using caprica.space as my domain name but I don't think bind/named likes me using that. Is this an issue with the version in FreeIPA or did I do something wrong? I found this out because FreeIPA won't start. Fails on named.
14-Nov-2019 13:00:43.566 zone 100.51.198.IN-ADDR.ARPA/IN: shutting down
14-Nov-2019 13:00:43.566 zone 113.0.203.IN-ADDR.ARPA/IN: shutting down
14-Nov-2019 13:00:43.566 zone 255.255.255.255.IN-ADDR.ARPA/IN: shutting down
14-Nov-2019 13:00:43.566 zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA/IN: shutting down
14-Nov-2019 13:00:43.566 zone D.F.IP6.ARPA/IN: shutting down
14-Nov-2019 13:00:43.566 zone 8.E.F.IP6.ARPA/IN: shutting down
14-Nov-2019 13:00:43.566 zone 9.E.F.IP6.ARPA/IN: shutting down
14-Nov-2019 13:00:43.566 zone A.E.F.IP6.ARPA/IN: shutting down
14-Nov-2019 13:00:43.566 zone B.E.F.IP6.ARPA/IN: shutting down
14-Nov-2019 13:00:43.566 zone 8.B.D.0.1.0.0.2.IP6.ARPA/IN: shutting down
14-Nov-2019 13:00:43.566 zone EMPTY.AS112.ARPA/IN: shutting down
14-Nov-2019 13:00:43.620 LDAP configuration for instance 'ipa' synchronized
14-Nov-2019 13:00:43.657 LDAP data for instance 'ipa' are being synchronized, please ignore message 'all zones loaded'
14-Nov-2019 13:00:43.669 managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
14-Nov-2019 13:00:43.819 dns_rdatatype_fromtext() failed for attribute 'idnsTemplateAttribute;cnamerecord': unknown class/type
14-Nov-2019 13:00:43.819 dns_rdatatype_fromtext() failed for attribute 'idnsTemplateAttribute;cnamerecord': unknown class/type
14-Nov-2019 13:00:43.819 dns_rdatatype_fromtext() failed for attribute 'idnsTemplateAttribute;cnamerecord': unknown class/type
14-Nov-2019 13:00:43.820 dns_rdatatype_fromtext() failed for attribute 'idnsTemplateAttribute;cnamerecord': unknown class/type
14-Nov-2019 13:00:43.820 dns_rdatatype_fromtext() failed for attribute 'idnsTemplateAttribute;cnamerecord': unknown class/type
14-Nov-2019 13:00:43.820 dns_rdatatype_fromtext() failed for attribute 'idnsTemplateAttribute;cnamerecord': unknown class/type
14-Nov-2019 13:00:43.820 dns_rdatatype_fromtext() failed for attribute 'idnsTemplateAttribute;cnamerecord': unknown class/type
14-Nov-2019 13:00:43.820 dns_rdatatype_fromtext() failed for attribute 'idnsTemplateAttribute;cnamerecord': unknown class/type
14-Nov-2019 13:00:43.821 dns_rdatatype_fromtext() failed for attribute 'idnsTemplateAttribute;cnamerecord': unknown class/type
14-Nov-2019 13:00:43.821 dns_rdatatype_fromtext() failed for attribute 'idnsTemplateAttribute;cnamerecord': unknown class/type
14-Nov-2019 13:00:43.821 dns_rdatatype_fromtext() failed for attribute 'idnsTemplateAttribute;cnamerecord': unknown class/type
14-Nov-2019 13:00:43.821 dns_rdatatype_fromtext() failed for attribute 'idnsTemplateAttribute;cnamerecord': unknown class/type
14-Nov-2019 13:00:43.821 dns_rdatatype_fromtext() failed for attribute 'idnsTemplateAttribute;cnamerecord': unknown class/type
14-Nov-2019 13:00:43.822 zone 10.150.10.in-addr.arpa/IN: loaded serial 1573758043
14-Nov-2019 13:00:43.822 zone caprica.space/IN: NS 'freeipa01.asm.caprica.space' has no address records (A or AAAA)
14-Nov-2019 13:00:43.822 zone caprica.space/IN: not loaded due to errors.
14-Nov-2019 13:00:43.822 1 master zones from LDAP instance 'ipa' loaded (2 zones defined, 0 inactive, 1 failed to load)
14-Nov-2019 13:00:43.824 zone caprica.space/IN: NS 'freeipa01.asm.caprica.space' has no address records (A or AAAA)
14-Nov-2019 13:00:43.824 zone caprica.space/IN: not loaded due to errors.
14-Nov-2019 13:00:43.824 update_zone (syncrepl) failed for master zone DN 'idnsname=caprica.space.,cn=dns,dc=caprica,dc=space'. Zones can be outdated, run `rndc reload`: bad zone
14-Nov-2019 13:01:38.383 received control channel command 'stop'
14-Nov-2019 13:01:38.384 shutting down: flushing changes
14-Nov-2019 13:01:38.384 stopping command channel on 127.0.0.1#953
14-Nov-2019 13:01:38.384 stopping command channel on ::1#953
14-Nov-2019 13:01:38.385 unloading DynDB instance 'ipa'
14-Nov-2019 13:01:38.386 zone 10.150.10.in-addr.arpa/IN: shutting down
14-Nov-2019 13:01:38.387 no longer listening on ::#53
14-Nov-2019 13:01:38.387 no longer listening on 127.0.0.1#53
14-Nov-2019 13:01:38.387 no longer listening on 10.150.10.15#53
14-Nov-2019 13:01:38.404 exiting
Andrew Meyer via FreeIPA-users wrote:
I am trying to migrate to CentOS 8 in my home lab. And I have gotten FreeIPA installed. However, I am using caprica.space as my domain name but I don't think bind/named likes me using that. Is this an issue with the version in FreeIPA or did I do something wrong? I found this out because FreeIPA won't start. Fails on named.
I don't think IPA cares about the domain name you've chosen. Can you provide more details on how you installed this? Can we see the install log?
rob
Andrew Meyer via FreeIPA-users wrote:
Sure. Give me a bit to gather that.
Could be related to:
2019-11-13T04:02:26Z INFO Checking DNS domain caprica.space., please wait ...
2019-11-13T04:02:26Z WARNING DNS zone caprica.space. already exists in DNS and is handled by server(s): dns2.registrar-servers.com., dns1.registrar-servers.com. Please make sure that the domain is properly delegated to this IPA server.
rob
OK, I have pointed the domain to my IP address (also set up DDNS with the registrar). However, BIND still fails.
Nov 14 20:46:28 freeipa01.asm.caprica.space named-pkcs11[23802]: starting BIND 9.11.4-P2-RedHat-9.11.4-17.P2.el8_0.1 (Extended Support Version) id:7107deb
Nov 14 20:46:28 freeipa01.asm.caprica.space named-pkcs11[23802]: running on Linux x86_64 4.18.0-80.11.2.el8_0.x86_64 #1 SMP Tue Sep 24 11:32:19 UTC 2019
Nov 14 20:46:28 freeipa01.asm.caprica.space named-pkcs11[23802]: built with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-pref>
Nov 14 20:46:28 freeipa01.asm.caprica.space named-pkcs11[23802]: running as: named-pkcs11 -u named -c /etc/named.conf
Nov 14 20:46:28 freeipa01.asm.caprica.space named-pkcs11[23802]: compiled by GCC 8.2.1 20180905 (Red Hat 8.2.1-3)
Nov 14 20:46:28 freeipa01.asm.caprica.space named-pkcs11[23802]: compiled with libxml2 version: 2.9.7
Nov 14 20:46:28 freeipa01.asm.caprica.space named-pkcs11[23802]: linked to libxml2 version: 20907
Nov 14 20:46:28 freeipa01.asm.caprica.space named-pkcs11[23802]: compiled with zlib version: 1.2.11
Nov 14 20:46:28 freeipa01.asm.caprica.space named-pkcs11[23802]: linked to zlib version: 1.2.11
Nov 14 20:46:28 freeipa01.asm.caprica.space named-pkcs11[23802]: threads support is enabled
Nov 14 20:46:28 freeipa01.asm.caprica.space named-pkcs11[23802]: ----------------------------------------------------
Nov 14 20:46:28 freeipa01.asm.caprica.space named-pkcs11[23802]: BIND 9 is maintained by Internet Systems Consortium,
Nov 14 20:46:28 freeipa01.asm.caprica.space named-pkcs11[23802]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Nov 14 20:46:28 freeipa01.asm.caprica.space named-pkcs11[23802]: corporation. Support and training for BIND 9 are
Nov 14 20:46:28 freeipa01.asm.caprica.space named-pkcs11[23802]: available at https://www.isc.org/support
Nov 14 20:46:28 freeipa01.asm.caprica.space named-pkcs11[23802]: ----------------------------------------------------
Nov 14 20:46:28 freeipa01.asm.caprica.space named-pkcs11[23802]: adjusted limit on open files from 4096 to 1048576
Nov 14 20:46:28 freeipa01.asm.caprica.space named-pkcs11[23802]: found 1 CPU, using 1 worker thread
Nov 14 20:46:28 freeipa01.asm.caprica.space named-pkcs11[23802]: using 1 UDP listener per interface
Nov 14 20:46:28 freeipa01.asm.caprica.space named-pkcs11[23802]: using up to 21000 sockets
Nov 14 20:46:28 freeipa01.asm.caprica.space named-pkcs11[23802]: Configuration.cpp(94): Missing log.level in configuration. Using default value: INFO
Nov 14 20:46:28 freeipa01.asm.caprica.space named-pkcs11[23802]: ObjectStore.cpp(59): Failed to enumerate object store in /var/lib/ipa/dnssec/tokens
Nov 14 20:46:28 freeipa01.asm.caprica.space named-pkcs11[23802]: SoftHSM.cpp(507): Could not load the object store
Nov 14 20:46:28 freeipa01.asm.caprica.space named-pkcs11[23802]: initializing DST: PKCS#11 initialization failed
Nov 14 20:46:28 freeipa01.asm.caprica.space named-pkcs11[23802]: exiting (due to fatal error)
Nov 14 20:46:28 freeipa01.asm.caprica.space systemd[1]: named-pkcs11.service: Control process exited, code=exited status=1
Nov 14 20:46:28 freeipa01.asm.caprica.space systemd[1]: named-pkcs11.service: Failed with result 'exit-code'.
Nov 14 20:46:28 freeipa01.asm.caprica.space systemd[1]: Failed to start Berkeley Internet Name Domain (DNS) with native PKCS#11.
-- Subject: Unit named-pkcs11.service has failed
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
So since I was using an externally registered domain, the install script didn't create the SSHFP records. I am still working on delegating DNS to my FIPA server.
freeipa-users@lists.fedorahosted.org
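
The two log excerpts in this thread show two separate named failures: a zone that refuses to load, and a SoftHSM/PKCS#11 error that stops named-pkcs11 before any zone is read. The script below is an added example, not part of the original thread or of FreeIPA; it pulls both out of a mixed log. The sample lines are copied from the thread, and the function and variable names are assumptions of this example.

```python
import re

# Constructed sample: lines copied from the named log and journald excerpts in this thread.
SAMPLE = """\
14-Nov-2019 13:00:43.822 zone 10.150.10.in-addr.arpa/IN: loaded serial 1573758043
14-Nov-2019 13:00:43.822 zone caprica.space/IN: NS 'freeipa01.asm.caprica.space' has no address records (A or AAAA)
14-Nov-2019 13:00:43.822 zone caprica.space/IN: not loaded due to errors.
14-Nov-2019 13:00:43.824 zone caprica.space/IN: NS 'freeipa01.asm.caprica.space' has no address records (A or AAAA)
14-Nov-2019 13:00:43.824 zone caprica.space/IN: not loaded due to errors.
Nov 14 20:46:28 freeipa01.asm.caprica.space named-pkcs11[23802]: threads support is enabled
Nov 14 20:46:28 freeipa01.asm.caprica.space named-pkcs11[23802]: ObjectStore.cpp(59): Failed to enumerate object store in /var/lib/ipa/dnssec/tokens
Nov 14 20:46:28 freeipa01.asm.caprica.space named-pkcs11[23802]: SoftHSM.cpp(507): Could not load the object store
Nov 14 20:46:28 freeipa01.asm.caprica.space named-pkcs11[23802]: initializing DST: PKCS#11 initialization failed
Nov 14 20:46:28 freeipa01.asm.caprica.space named-pkcs11[23802]: exiting (due to fatal error)
"""

ZONE_RX = re.compile(r"zone (\S+)/IN: (.+)$")          # named's per-zone messages
JOURNAL_RX = re.compile(r"named[\w-]*\[\d+\]: (.+)$")  # journald lines from named/named-pkcs11
BENIGN = ("loaded serial", "shutting down")            # zone messages that are not errors
STARTUP_HINTS = ("Failed to enumerate object store", "Could not load the object store",
                 "PKCS#11 initialization failed", "exiting (due to fatal error)")

def triage(log_text):
    """Return (failed_zones, startup_errors).

    failed_zones maps each zone that was 'not loaded due to errors' to the
    distinct reasons logged for it beforehand; startup_errors lists the
    distinct messages that explain why the daemon itself exited.
    """
    pending, failed, startup = {}, {}, []
    for line in log_text.splitlines():
        z = ZONE_RX.search(line)
        if z:
            zone, msg = z.groups()
            if msg.startswith("not loaded due to errors"):
                reasons = failed.setdefault(zone, [])
                # named repeats the same failure on reload; keep each reason once.
                reasons.extend(r for r in pending.pop(zone, []) if r not in reasons)
            elif not msg.startswith(BENIGN):
                pending.setdefault(zone, []).append(msg)
            continue
        j = JOURNAL_RX.search(line)
        if j and any(h in j.group(1) for h in STARTUP_HINTS) and j.group(1) not in startup:
            startup.append(j.group(1))
    return failed, startup

if __name__ == "__main__":
    zones, errors = triage(SAMPLE)
    print(zones)
    print(errors)
```
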