Hello, dnssec validation was already off. And it still fails.
Rob
Op do 24 nov. 2022 08:49 schreef Florence Blanc-Renaud flo@redhat.com:
Hi, I wonder if you're hitting *Bug 1999321* https://bugzilla.redhat.com/show_bug.cgi?id=1999321 - DNS often stops resolving properly after FreeIPA server upgrade to Fedora 35 or 36
The workaround would be to disable dnssec validation. Edit /etc/named/ipa-options-ext.conf or /etc/named.conf (depending on your version) and replace dnssec-validation yes with dnssec-validation no
Then restart named.
HTH, flo
On Tue, Nov 22, 2022 at 3:59 PM Rob Verduijn via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote:
Hello,
I've found an issue with my ipa dns setup.
all local dns queries work fine. However queries outside my ipa domain fail most of the time.
I found this error in the logs: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out
I think that this causes my problems with external dns.
Anybody who knows how to deal with this ? Rob _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste... Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue