Hi,

Running IPA-serverĀ 4.5.0-21

I lost 2/3 IPA servers from power failure, replication didn't recover. I want to drop the replicas and add new ones, but can't see a list of replicas. It's giving me SERVFAIL for google DNS which seems unlikely.

Anyone know of a trick forward to recovery?

[root@auth1 root]# ipa-replica-manage list

ipa: ERROR: DNS query for auth1.example.com. A failed: All nameservers failed to answer the query auth1.example.com. IN A: Server 8.8.8.8 UDP port 53 answered SERVFAIL

Re-run /sbin/ipa-replica-manage with --verbose option to get more information

Unexpected error: All nameservers failed to answer the query gvoauth1.gvoperations.com. IN A: Server 8.8.8.8 UDP port 53 answered SERVFAIL



The worst part: it seems like DNS works great and FreeIPA has hit a snag. =(


# from freeipa

[root@auth1 iptables]# dig google.com @8.8.8.8

;; ANSWER SECTION:

google.com. 299 IN A 216.58.218.110



# from workstation to freeipa server

mac:~$ dig google.com @auth1


; <<>> DiG 9.8.3-P1 <<>> google.com @auth1

;; global options: +cmd

;; ANSWER SECTION:

google.com. 300 IN A 216.58.218.110



This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify the system manager. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company. Finally, the recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.