Hi,
With ipa-server 4.6.4-10.el7_6.2 on RHEL7, I see the following issue.... My host name is a bit long, of a form: idm01.site01.poc.my.network.com I am installing a fresh new IPA server on this host, with DNS server. Running ipa-server-install without arguments.
During installation I can specify the DNS zone to create. If I specify poc.my.network.com, then I get the following error:
ipapython.dnsutil: ERROR DNS query for idm01.site01.poc.my.network.com. 1 failed: All nameservers failed to answer the query idm01.site01.poc.my.network.com. IN A: Server 127.0.0.1 UDP port 53 answered SERVFAIL
I can see that the A record for the IPA server itself (idm01.site01) wasn't created during installation.
But if I leave the default DNS zone (site01.poc.my.network.com), then everything works fine, the record is created (the record name in that case is just idm01).
Of course, I can create the record manually, and it seems to work fine. But is it expected? Any other issues that I should expect with my non-default zone...?
-- Regards, Dmitry Perets.
"The more one knows, the less opinions he shares" -- Wilhelm Schwebel
Dmitry Perets via FreeIPA-users wrote:
> Hi,
> With ipa-server 4.6.4-10.el7_6.2 on RHEL7, I see the following issue.... My host name is a bit long, of a form: idm01.site01.poc.my.network.com I am installing a fresh new IPA server on this host, with DNS server. Running ipa-server-install without arguments.
> During installation I can specify the DNS zone to create. If I specify poc.my.network.com, then I get the following error:
> ipapython.dnsutil: ERROR DNS query for idm01.site01.poc.my.network.com. 1 failed: All nameservers failed to answer the query idm01.site01.poc.my.network.com. IN A: Server 127.0.0.1 UDP port 53 answered SERVFAIL
> I can see that the A record for the IPA server itself (idm01.site01) wasn't created during installation.
> But if I leave the default DNS zone (site01.poc.my.network.com), then everything works fine, the record is created (the record name in that case is just idm01).
> Of course, I can create the record manually, and it seems to work fine. But is it expected? Any other issues that I should expect with my non-default zone...?
Right, IPA isn't going to recursively fill in the missing zones for you.
Is there a particular reason you want to install this way?
rob
> Right, IPA isn't going to recursively fill in the missing zones for you.
> Is there a particular reason you want to install this way?
> rob
Actually yes. It is a multi-site private cloud deployment. All sites are identical. The naming convention is <device>.<site>.<project>.<domain>.
IPA has replicas on each site (to replicate LDAP directory, since it needs to be identical on each site). So also DNS is replicated. And hence, we cannot define a zone <site>.<project>.<domain>. We must have a project-wide zone, and <device>.<site> should be considered just as a record name...
Or would you do it differently?
And if I still want to do it this way, do you foresee more headache, except for just defining the A record manually?
Thanks!
--- Regards, Dmitry Perets