how to disable forwarder in freeipa servers named.conf
My IPA server's named.conf has this in it since I chose to enter a forwarder address during the ipa-server-install.
    forward first;
    forwarders {
        132.206.44.21;
        132.216.44.21;
    };
Now I can only resolve hostnames through this forwarder and the ipa-client hosts I've joined on my network are ignored. I know the local hosts are in the local DNS because I can do ipa dnsrecord-show hostname and it gives the IP. Why is it ignoring this when I do ping or nslookup? I thought the forward first policy is supposed to fall back on the local DNS unlike forward only policy?
I've also tried:
    ipa dnsconfig-mod --forwarder=''
    ipa dnszone-mod --forwarder='' zonename
    ipa dnszone-mod --forward-policy=none zonename
    service named restart
no joy :(
bind freeipa named-conf
edited Apr 25 '15 at 7:31 by Andrew Schulman
asked Apr 25 '15 at 5:35 by Jesse Stacey
1 Answer
The forwarders in named.conf are separate from the forwarders set by IPA commands. Both sets of forwarders apply simultaneously. You need to remove forwarders or update them in named.conf.
See the FreeIPA documentation for an explanation of the behavior of forwarder policies.
Additionally, check that your /etc/resolv.conf actually specifies the IP address of the IPA DNS server.
edited May 27 '16 at 5:49 by Abhijeet Kasurde
answered Apr 25 '15 at 9:13 by abbra
Yes, the resolv.conf of the server does point to itself but if I do a nslookup on the server name it fails since the external DNS forwarder for McGill U only resolves external stuff. I've tried commenting out the forwarders in the named.conf but when I restart the named service it fails. I wish I could just do ipa-server-install again but all my end users have already ssh'd into this IPA server and set their passwords, so I don't want to lose that.
– Jesse Stacey, Apr 26 '15 at 4:13

Without seeing error messages it is hard to guess what your problem is. Can you show what failure is displayed by named?
– abbra, Apr 26 '15 at 20:48

So I have an idea of what's happening now. After installing freeipa server I used a script to import my old NIS server's passwd and hosts file. After that, the web interface listed all the users and hostnames properly, but there were no A-name records in the DNS records. Even when I add a client to the realm using ipa-client-install it will say something about could not add a DNS entry for the host, and I did specify auto DNS updates in my zone. However if I add an A name record manually through web interface, nslookup works fine for the host. I dread having to add 255 hosts manually.
– Jesse Stacey, Apr 29 '15 at 3:46

You can use ipa dnsrecord-add and script that.
– abbra, Apr 29 '15 at 19:26
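
The bulk import suggested in the last comment, as an added example that is not part of the original thread: it turns a hosts(5)-format file, such as the old NIS hosts map, into ipa dnsrecord-add commands printed for review. The zone example.test, the sample addresses and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): build `ipa dnsrecord-add` commands
# from a hosts(5)-format file. Zone and sample data are constructed.

# Usage: gen_dnsrecord_cmds ZONE < hosts-file
# Prints one command per unique (short name, IPv4) pair belonging to ZONE.
gen_dnsrecord_cmds() {
    awk -v zone="$1" '
    function valid_ipv4(ip,    n, o, i) {
        n = split(ip, o, ".")
        if (n != 4) return 0
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return 0
        return 1
    }
    {
        sub(/#.*/, "")                   # drop comments
        if (NF < 2) next                 # blank or address-only line
        ip = $1
        if (!valid_ipv4(ip)) next        # IPv6 or malformed address
        if (ip ~ /^127\./) next          # loopback entries stay out of DNS
        suffix = "." zone
        for (f = 2; f <= NF; f++) {
            name = tolower($f)
            cut = length(name) - length(suffix)
            if (cut > 0 && substr(name, cut + 1) == suffix)
                name = substr(name, 1, cut)      # FQDN inside the zone
            else if (index(name, ".") > 0)
                continue                         # FQDN of another zone
            # single DNS label only; rejects "_" and other odd characters
            if (name !~ /^[a-z0-9]([a-z0-9-]*[a-z0-9])?$/) continue
            if (seen[name " " ip]++) continue    # duplicate name/address pair
            printf "ipa dnsrecord-add %s %s --a-rec=%s\n", zone, name, ip
        }
    }'
}

# Constructed sample standing in for the old NIS hosts map.
sample_hosts() {
    cat <<'EOF'
# constructed sample in hosts(5) format
127.0.0.1     localhost
192.0.2.10    web1.example.test web1
192.0.2.11    DB1
192.0.2.12    mail.other.test       # different zone, skipped
2001:db8::5   v6host                # AAAA records not handled here
192.0.2.999   badip
192.0.2.13    bad_name
EOF
}

# Dry run: print the commands for review instead of executing them.
sample_hosts | gen_dnsrecord_cmds example.test
```

After reviewing the output, pipe it to sh from a session that holds an admin Kerberos ticket (kinit admin).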