It's more of a general problem, I realize now that any DNS resolution that requires forwarding fails only on the replica(s). So even "nslookup google.com" fails, but on the first master (ipa1) it's fine and succeeds.
I want to add how the replica was created:
ipa-replica-install --setup-dns \
--forwarder=192.168.66.11 \
--forwarder=192.168.68.41 \
--setup-ca
We've been trying to figure this out for a day. Looking for some help please.
We have servers ipa1 and ipa2. The ipa1 was installed first and it can delegate to a subdomain fine. The ipa2 server does not get an answer. Looking at packets on ipa2, they end up going to my general forwarders to the outside world.
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure