So for the last week I'm having trouble with my DNS. It is not working as expected and is giving me all sort of headaches. I have 4 ipa servers and 4 clients. This is test env for evaluation purposes and I wan't to move to production later on. My problem however is DNS. I'm on rhel9.1 and my freeipa version is 4.10.0
[lessfoobar@mserver001p ~]$ ipa dns-update-system-records IPA DNS records: _kerberos-master._tcp.test.domain.com. 3600 IN SRV 0 100 88 mserver001p.test.domain.com. _kerberos-master._tcp.test.domain.com. 3600 IN SRV 0 100 88 rserver001p.test.domain.com. _kerberos-master._tcp.test.domain.com. 3600 IN SRV 0 100 88 rserver002p.test.domain.com. _kerberos-master._tcp.test.domain.com. 3600 IN SRV 0 100 88 rserver003p.test.domain.com. _kerberos-master._udp.test.domain.com. 3600 IN SRV 0 100 88 mserver001p.test.domain.com. _kerberos-master._udp.test.domain.com. 3600 IN SRV 0 100 88 rserver001p.test.domain.com. _kerberos-master._udp.test.domain.com. 3600 IN SRV 0 100 88 rserver002p.test.domain.com. _kerberos-master._udp.test.domain.com. 3600 IN SRV 0 100 88 rserver003p.test.domain.com. _kerberos._tcp.test.domain.com. 3600 IN SRV 0 100 88 mserver001p.test.domain.com. _kerberos._tcp.test.domain.com. 3600 IN SRV 0 100 88 rserver001p.test.domain.com. _kerberos._tcp.test.domain.com. 3600 IN SRV 0 100 88 rserver002p.test.domain.com. _kerberos._tcp.test.domain.com. 3600 IN SRV 0 100 88 rserver003p.test.domain.com. _kerberos._udp.test.domain.com. 3600 IN SRV 0 100 88 mserver001p.test.domain.com. _kerberos._udp.test.domain.com. 3600 IN SRV 0 100 88 rserver001p.test.domain.com. _kerberos._udp.test.domain.com. 3600 IN SRV 0 100 88 rserver002p.test.domain.com. _kerberos._udp.test.domain.com. 3600 IN SRV 0 100 88 rserver003p.test.domain.com. _kerberos.test.domain.com. 3600 IN TXT "TEST.DOMAIN.COM" _kerberos.test.domain.com. 3600 IN URI 0 100 "krb5srv:m:tcp:mserver001p.test.domain.com." _kerberos.test.domain.com. 3600 IN URI 0 100 "krb5srv:m:tcp:rserver001p.test.domain.com." _kerberos.test.domain.com. 3600 IN URI 0 100 "krb5srv:m:tcp:rserver002p.test.domain.com." _kerberos.test.domain.com. 3600 IN URI 0 100 "krb5srv:m:tcp:rserver003p.test.domain.com." _kerberos.test.domain.com. 3600 IN URI 0 100 "krb5srv:m:udp:mserver001p.test.domain.com." _kerberos.test.domain.com. 3600 IN URI 0 100 "krb5srv:m:udp:rserver001p.test.domain.com." _kerberos.test.domain.com. 3600 IN URI 0 100 "krb5srv:m:udp:rserver002p.test.domain.com." _kerberos.test.domain.com. 3600 IN URI 0 100 "krb5srv:m:udp:rserver003p.test.domain.com." _kpasswd._tcp.test.domain.com. 3600 IN SRV 0 100 464 mserver001p.test.domain.com. _kpasswd._tcp.test.domain.com. 3600 IN SRV 0 100 464 rserver001p.test.domain.com. _kpasswd._tcp.test.domain.com. 3600 IN SRV 0 100 464 rserver002p.test.domain.com. _kpasswd._tcp.test.domain.com. 3600 IN SRV 0 100 464 rserver003p.test.domain.com. _kpasswd._udp.test.domain.com. 3600 IN SRV 0 100 464 mserver001p.test.domain.com. _kpasswd._udp.test.domain.com. 3600 IN SRV 0 100 464 rserver001p.test.domain.com. _kpasswd._udp.test.domain.com. 3600 IN SRV 0 100 464 rserver002p.test.domain.com. _kpasswd._udp.test.domain.com. 3600 IN SRV 0 100 464 rserver003p.test.domain.com. _kpasswd.test.domain.com. 3600 IN URI 0 100 "krb5srv:m:tcp:mserver001p.test.domain.com." _kpasswd.test.domain.com. 3600 IN URI 0 100 "krb5srv:m:tcp:rserver001p.test.domain.com." _kpasswd.test.domain.com. 3600 IN URI 0 100 "krb5srv:m:tcp:rserver002p.test.domain.com." _kpasswd.test.domain.com. 3600 IN URI 0 100 "krb5srv:m:tcp:rserver003p.test.domain.com." _kpasswd.test.domain.com. 3600 IN URI 0 100 "krb5srv:m:udp:mserver001p.test.domain.com." _kpasswd.test.domain.com. 3600 IN URI 0 100 "krb5srv:m:udp:rserver001p.test.domain.com." _kpasswd.test.domain.com. 3600 IN URI 0 100 "krb5srv:m:udp:rserver002p.test.domain.com." _kpasswd.test.domain.com. 3600 IN URI 0 100 "krb5srv:m:udp:rserver003p.test.domain.com." _ldap._tcp.test.domain.com. 3600 IN SRV 0 100 389 mserver001p.test.domain.com. _ldap._tcp.test.domain.com. 3600 IN SRV 0 100 389 rserver001p.test.domain.com. _ldap._tcp.test.domain.com. 3600 IN SRV 0 100 389 rserver002p.test.domain.com. _ldap._tcp.test.domain.com. 3600 IN SRV 0 100 389 rserver003p.test.domain.com. ipa-ca.test.domain.com. 3600 IN A 192.168.0.21
[lessfoobar@mserver001p ~]$ sudo ipa dnsconfig-show [sudo] password for lessfoobar: --------------------------------- Global DNS configuration is empty --------------------------------- IPA DNS servers: mserver001p.test.domain.com, rserver001p.test.domain.com, rserver002p.test.domain.com, rserver003p.test.domain.com [lessfoobar@mserver001p ~]$ sudo ipa dns-server-show ipa: ERROR: unknown command 'dns-server-show' [lessfoobar@mserver001p ~]$ sudo ipa dnsserver-show Server name: mserver001p.test.domain.com Server name: mserver001p.test.domain.com SOA mname override: mserver001p.test.domain.com. Forward policy: none [lessfoobar@mserver001p ~]$ sudo ipa dnsserver-show rserver001p.test.domain.com Server name: rserver001p.test.domain.com SOA mname override: rserver001p.test.domain.com. Forwarders: 192.168.0.21 Forward policy: first [lessfoobar@mserver001p ~]$ sudo ipa dnsserver-show rserver003p.test.domain.com Server name: rserver003p.test.domain.com SOA mname override: rserver003p.test.domain.com. Forwarders: 192.168.0.21 Forward policy: first [lessfoobar@mserver001p ~]$ sudo ipa dnsserver-show rserver002p.test.domain.com Server name: rserver002p.test.domain.com SOA mname override: rserver002p.test.domain.com. Forwarders: 192.168.0.21 Forward policy: first
[lessfoobar@mserver001p ~]$ sudo ipa dnsrecord-show int.domain.com Record name: rserver001p Record name: rserver001p A record: 192.168.0.22 SSHFP record: REDACTED [lessfoobar@mserver001p ~]$ host 192.168.0.22 Host 22.0.168.192.in-addr.arpa. not found: 3(NXDOMAIN) [lessfoobar@mserver001p ~]$ host rserver001p.test.domain.com Host rserver001p.test.domain.com not found: 2(SERVFAIL)
I'd be more than appreciative if someone lets me know what I'm doing wrong.
PS something else that I've noticed is that selinux is complaining because of ns-slapd
SELinux access control errors SELinux is preventing /usr/bin/pk12util from getattr access on the sock_file /run/pcscd/pcscd.comm. 96 SELinux is preventing /usr/sbin/ns-slapd from getattr access on the directory /var/crash. 8 SELinux is preventing /usr/sbin/ns-slapd from getattr access on the directory /sys/fs/fuse/connections. 22 SELinux is preventing /usr/sbin/ns-slapd from getattr access on the directory /sys/kernel/config. 22 SELinux is preventing /usr/sbin/ns-slapd from getattr access on the directory /boot/efi. 22 SELinux is preventing /usr/sbin/ns-slapd from getattr access on the directory /sys/fs/pstore. 22 SELinux is preventing /usr/sbin/ns-slapd from getattr access on the directory /sys/firmware/efi/efivars. 22 SELinux is preventing /usr/sbin/ns-slapd from getattr access on the directory /sys/fs/bpf. 22 SELinux is preventing /usr/sbin/ns-slapd from getattr access on the directory /sys/kernel/tracing. 22 SELinux is preventing /usr/bin/qemu-ga from read access on the directory /var/crash. 18
Hi,
On Tue, Mar 28, 2023 at 12:23 PM Anonymous via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
So for the last week I'm having trouble with my DNS. It is not working as expected and is giving me all sort of headaches. I have 4 ipa servers and 4 clients. This is test env for evaluation purposes and I wan't to move to production later on. My problem however is DNS. I'm on rhel9.1 and my freeipa version is 4.10.0
[lessfoobar@mserver001p ~]$ ipa dns-update-system-records IPA DNS records: _kerberos-master._tcp.test.domain.com. 3600 IN SRV 0 100 88 mserver001p.test.domain.com. _kerberos-master._tcp.test.domain.com. 3600 IN SRV 0 100 88 rserver001p.test.domain.com. _kerberos-master._tcp.test.domain.com. 3600 IN SRV 0 100 88 rserver002p.test.domain.com. _kerberos-master._tcp.test.domain.com. 3600 IN SRV 0 100 88 rserver003p.test.domain.com. _kerberos-master._udp.test.domain.com. 3600 IN SRV 0 100 88 mserver001p.test.domain.com. _kerberos-master._udp.test.domain.com. 3600 IN SRV 0 100 88 rserver001p.test.domain.com. _kerberos-master._udp.test.domain.com. 3600 IN SRV 0 100 88 rserver002p.test.domain.com. _kerberos-master._udp.test.domain.com. 3600 IN SRV 0 100 88 rserver003p.test.domain.com. _kerberos._tcp.test.domain.com. 3600 IN SRV 0 100 88 mserver001p.test.domain.com. _kerberos._tcp.test.domain.com. 3600 IN SRV 0 100 88 rserver001p.test.domain.com. _kerberos._tcp.test.domain.com. 3600 IN SRV 0 100 88 rserver002p.test.domain.com. _kerberos._tcp.test.domain.com. 3600 IN SRV 0 100 88 rserver003p.test.domain.com. _kerberos._udp.test.domain.com. 3600 IN SRV 0 100 88 mserver001p.test.domain.com. _kerberos._udp.test.domain.com. 3600 IN SRV 0 100 88 rserver001p.test.domain.com. _kerberos._udp.test.domain.com. 3600 IN SRV 0 100 88 rserver002p.test.domain.com. _kerberos._udp.test.domain.com. 3600 IN SRV 0 100 88 rserver003p.test.domain.com. _kerberos.test.domain.com. 3600 IN TXT "TEST.DOMAIN.COM" _kerberos.test.domain.com. 3600 IN URI 0 100 "krb5srv:m:tcp:mserver001p.test.domain.com." _kerberos.test.domain.com. 3600 IN URI 0 100 "krb5srv:m:tcp:rserver001p.test.domain.com." _kerberos.test.domain.com. 3600 IN URI 0 100 "krb5srv:m:tcp:rserver002p.test.domain.com." _kerberos.test.domain.com. 3600 IN URI 0 100 "krb5srv:m:tcp:rserver003p.test.domain.com." _kerberos.test.domain.com. 3600 IN URI 0 100 "krb5srv:m:udp:mserver001p.test.domain.com." _kerberos.test.domain.com. 3600 IN URI 0 100 "krb5srv:m:udp:rserver001p.test.domain.com." _kerberos.test.domain.com. 3600 IN URI 0 100 "krb5srv:m:udp:rserver002p.test.domain.com." _kerberos.test.domain.com. 3600 IN URI 0 100 "krb5srv:m:udp:rserver003p.test.domain.com." _kpasswd._tcp.test.domain.com. 3600 IN SRV 0 100 464 mserver001p.test.domain.com. _kpasswd._tcp.test.domain.com. 3600 IN SRV 0 100 464 rserver001p.test.domain.com. _kpasswd._tcp.test.domain.com. 3600 IN SRV 0 100 464 rserver002p.test.domain.com. _kpasswd._tcp.test.domain.com. 3600 IN SRV 0 100 464 rserver003p.test.domain.com. _kpasswd._udp.test.domain.com. 3600 IN SRV 0 100 464 mserver001p.test.domain.com. _kpasswd._udp.test.domain.com. 3600 IN SRV 0 100 464 rserver001p.test.domain.com. _kpasswd._udp.test.domain.com. 3600 IN SRV 0 100 464 rserver002p.test.domain.com. _kpasswd._udp.test.domain.com. 3600 IN SRV 0 100 464 rserver003p.test.domain.com. _kpasswd.test.domain.com. 3600 IN URI 0 100 "krb5srv:m:tcp:mserver001p.test.domain.com." _kpasswd.test.domain.com. 3600 IN URI 0 100 "krb5srv:m:tcp:rserver001p.test.domain.com." _kpasswd.test.domain.com. 3600 IN URI 0 100 "krb5srv:m:tcp:rserver002p.test.domain.com." _kpasswd.test.domain.com. 3600 IN URI 0 100 "krb5srv:m:tcp:rserver003p.test.domain.com." _kpasswd.test.domain.com. 3600 IN URI 0 100 "krb5srv:m:udp:mserver001p.test.domain.com." _kpasswd.test.domain.com. 3600 IN URI 0 100 "krb5srv:m:udp:rserver001p.test.domain.com." _kpasswd.test.domain.com. 3600 IN URI 0 100 "krb5srv:m:udp:rserver002p.test.domain.com." _kpasswd.test.domain.com. 3600 IN URI 0 100 "krb5srv:m:udp:rserver003p.test.domain.com." _ldap._tcp.test.domain.com. 3600 IN SRV 0 100 389 mserver001p.test.domain.com. _ldap._tcp.test.domain.com. 3600 IN SRV 0 100 389 rserver001p.test.domain.com. _ldap._tcp.test.domain.com. 3600 IN SRV 0 100 389 rserver002p.test.domain.com. _ldap._tcp.test.domain.com. 3600 IN SRV 0 100 389 rserver003p.test.domain.com. ipa-ca.test.domain.com. 3600 IN A 192.168.0.21
[lessfoobar@mserver001p ~]$ sudo ipa dnsconfig-show [sudo] password for lessfoobar:
Global DNS configuration is empty
IPA DNS servers: mserver001p.test.domain.com, rserver001p.test.domain.com, rserver002p.test.domain.com, rserver003p.test.domain.com [lessfoobar@mserver001p ~]$ sudo ipa dns-server-show ipa: ERROR: unknown command 'dns-server-show' [lessfoobar@mserver001p ~]$ sudo ipa dnsserver-show Server name: mserver001p.test.domain.com Server name: mserver001p.test.domain.com SOA mname override: mserver001p.test.domain.com. Forward policy: none [lessfoobar@mserver001p ~]$ sudo ipa dnsserver-show rserver001p.test.domain.com Server name: rserver001p.test.domain.com SOA mname override: rserver001p.test.domain.com. Forwarders: 192.168.0.21 Forward policy: first [lessfoobar@mserver001p ~]$ sudo ipa dnsserver-show rserver003p.test.domain.com Server name: rserver003p.test.domain.com SOA mname override: rserver003p.test.domain.com. Forwarders: 192.168.0.21 Forward policy: first [lessfoobar@mserver001p ~]$ sudo ipa dnsserver-show rserver002p.test.domain.com Server name: rserver002p.test.domain.com SOA mname override: rserver002p.test.domain.com. Forwarders: 192.168.0.21 Forward policy: first
Up to this point, everything you show points to zone 'test.domain.com'.
[lessfoobar@mserver001p ~]$ sudo ipa dnsrecord-show int.domain.com Record name: rserver001p Record name: rserver001p A record: 192.168.0.22 SSHFP record: REDACTED
This is listing records for zone 'int.domain.com'.
[lessfoobar@mserver001p ~]$ host 192.168.0.22 Host 22.0.168.192.in-addr.arpa. not found: 3(NXDOMAIN)
Do you have reverse records (PTR) in place? What are the records for zone '0.168.192.in-addr.arpa.'?
[lessfoobar@mserver001p ~]$ host rserver001p.test.domain.com Host rserver001p.test.domain.com not found: 2(SERVFAIL)
Maybe someone may guess something here, but I don't know why this error is occurring. Some more information like dns resolution configuration or bind logs might add some light.
Rafael
I'd be more than appreciative if someone lets me know what I'm doing wrong.
PS something else that I've noticed is that selinux is complaining because of ns-slapd
SELinux access control errors SELinux is preventing /usr/bin/pk12util from getattr access on the sock_file /run/pcscd/pcscd.comm. 96 SELinux is preventing /usr/sbin/ns-slapd from getattr access on the directory /var/crash. 8 SELinux is preventing /usr/sbin/ns-slapd from getattr access on the directory /sys/fs/fuse/connections. 22 SELinux is preventing /usr/sbin/ns-slapd from getattr access on the directory /sys/kernel/config. 22 SELinux is preventing /usr/sbin/ns-slapd from getattr access on the directory /boot/efi. 22 SELinux is preventing /usr/sbin/ns-slapd from getattr access on the directory /sys/fs/pstore. 22 SELinux is preventing /usr/sbin/ns-slapd from getattr access on the directory /sys/firmware/efi/efivars. 22 SELinux is preventing /usr/sbin/ns-slapd from getattr access on the directory /sys/fs/bpf. 22 SELinux is preventing /usr/sbin/ns-slapd from getattr access on the directory /sys/kernel/tracing. 22 SELinux is preventing /usr/bin/qemu-ga from read access on the directory /var/crash. 18 _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste... Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
-- Rafael Guterres Jeffman Senior Software Engineer FreeIPA - Red Hat
Hi thanks for checking my thread out,
This is listing records for zone 'int.domain.com'.
This is my mistake while changing the domain for the post. I've missed this part. you can safely ignore
Do you have reverse records (PTR) in place? What are the records for zone '0.168.192.in-addr.arpa.'?
as rcrit suggested I've added them in the next post. Saw your response after.
Maybe someone may guess something here, but I don't know why this error is occurring. Some more information like dns resolution configuration or bind logs might add some light.
I've re-provisioned the system. Usually I get the errors on the second day after install(the server is turned off for the night because its a homelab). Once I start receiving problems tomorrow I'll provide the requested logs. I've been troubleshooting the problem for the last week so I'm somewhat sure I'll have the issue again tomorrow :D
its getting weirder and weirder ... really speechless
[lessfoobar@rserver003p ~]$ ssh rserver003p.test.domain.com Web console: https://rserver003p.test.domain.com:9090/ or https://192.168.0.24:9090/
Last login: Thu Mar 30 21:48:04 2023 from 192.168.66.66 [lessfoobar@rserver003p ~]$ host mserver001p.test.domain.com ;; connection timed out; no servers could be reached
[lessfoobar@rserver003p ~]$ host 192.168.0.21 ;; connection timed out; no servers could be reached
[lessfoobar@rserver003p ~]$ ping 192.168.0.21 PING 192.168.0.21 (192.168.0.21) 56(84) bytes of data. 64 bytes from 192.168.0.21: icmp_seq=1 ttl=64 time=0.468 ms 64 bytes from 192.168.0.21: icmp_seq=2 ttl=64 time=0.339 ms 64 bytes from 192.168.0.21: icmp_seq=3 ttl=64 time=0.350 ms ^C --- 192.168.0.21 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2063ms rtt min/avg/max/mdev = 0.339/0.385/0.468/0.058 ms [lessfoobar@rserver003p ~]$ ping mserver001p.test.domain.com PING mserver001p.test.domain.com (192.168.0.21) 56(84) bytes of data. 64 bytes from mserver001p.test.domain.com (192.168.0.21): icmp_seq=1 ttl=64 time=0.309 ms 64 bytes from mserver001p.test.domain.com (192.168.0.21): icmp_seq=2 ttl=64 time=0.370 ms ^C --- mserver001p.test.domain.com ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1038ms rtt min/avg/max/mdev = 0.309/0.339/0.370/0.030 ms [lessfoobar@rserver003p ~]$ host mserver001p.test.domain.com ;; connection timed out; no servers could be reached
[lessfoobar@rserver003p ~]$ nslookup mserver001p.test.domain.com Server: 127.0.0.1 Address: 127.0.0.1#53
** server can't find mserver001p.test.domain.com: SERVFAIL
[lessfoobar@rserver003p ~]$ nslookup 172.16.0.21 ** server can't find 21.0.16.172.in-addr.arpa: NXDOMAIN
[lessfoobar@rserver003p ~]$ dig mserver001p.test.domain.com
; <<>> DiG 9.16.23-RH <<>> mserver001p.test.domain.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 10470 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ; COOKIE: 3f974f6add33ea76010000006426d29a01629250835277b5 (good) ;; QUESTION SECTION: ;mserver001p.test.domain.com. IN A
;; Query time: 1 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Fri Mar 31 14:31:22 CEST 2023 ;; MSG SIZE rcvd: 85
[lessfoobar@rserver003p ~]$ dig 172.16.0.21
; <<>> DiG 9.16.23-RH <<>> 172.16.0.21 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 41300 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ; COOKIE: 1e1fd854345a0275010000006426d2f0d2752751f682fc5c (good) ;; QUESTION SECTION: ;172.16.0.21. IN A
;; AUTHORITY SECTION: . 10800 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2023033100 1800 900 604800 86400
;; Query time: 172 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Fri Mar 31 14:32:48 CEST 2023 ;; MSG SIZE rcvd: 143
here is the named.service log
Mar 31 13:29:52 mserver001p.test.domain.com systemd[1]: Starting Berkeley Internet Name Domain (DNS)... ░░ Subject: A start job for unit named.service has begun execution ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit named.service has begun execution. ░░ ░░ The job identifier is 2126. Mar 31 13:29:53 mserver001p.test.domain.com bash[16290]: zone localhost.localdomain/IN: loaded serial 0 Mar 31 13:29:53 mserver001p.test.domain.com bash[16290]: zone localhost/IN: loaded serial 0 Mar 31 13:29:53 mserver001p.test.domain.com bash[16290]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0 Mar 31 13:29:53 mserver001p.test.domain.com bash[16290]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0 Mar 31 13:29:53 mserver001p.test.domain.com bash[16290]: zone 0.in-addr.arpa/IN: loaded serial 0 Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: starting BIND 9.16.23-RH (Extended Support Version) id:fde3b1f Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: running on Linux x86_64 5.14.0-162.22.2.el9_1.x86_64 #1 SMP PREEMPT_DYNAMIC Wed Mar 15 14:44:24 EDT 2023 Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: built with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-python=/usr/bin/python3' '--with-libtool' '--localstatedir=/var' '--with-pic' '--disable-static' '--includedir=/usr/include/bind9' '--with-tuning=large' '--with-libidn2' '--with-maxminddb' '--with-dlopen=yes' '--with-gssapi=yes' '--with-lmdb=yes' '--without-libjson' '--with-json-c' '--enable-dnstap' '--enable-fixed-rrset' '--enable-full-report' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CC=gcc' 'CFLAGS= -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64-v2 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection' 'LDFLAGS=-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 ' 'LT_SYS_LIBRARY_PATH=/usr/lib64:' 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig' Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: running as: named -u named -c /etc/named.conf -E pkcs11 Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: compiled by GCC 11.3.1 20220421 (Red Hat 11.3.1-2) Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: compiled with OpenSSL version: OpenSSL 3.0.1 14 Dec 2021 Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: linked to OpenSSL version: OpenSSL 3.0.1 14 Dec 2021 Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: compiled with libxml2 version: 2.9.13 Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: linked to libxml2 version: 20913 Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: compiled with json-c version: 0.14 Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: linked to json-c version: 0.14 Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: compiled with zlib version: 1.2.11 Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: linked to zlib version: 1.2.11 Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: ---------------------------------------------------- Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: BIND 9 is maintained by Internet Systems Consortium, Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: Inc. (ISC), a non-profit 501(c)(3) public-benefit Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: corporation. Support and training for BIND 9 are Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: available at https://www.isc.org/support Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: ---------------------------------------------------- Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: adjusted limit on open files from 524288 to 1048576 Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: found 4 CPUs, using 4 worker threads Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: using 4 UDP listeners per interface Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: using up to 21000 sockets Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: loading configuration from '/etc/named.conf' Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: unable to open '/etc/bind.keys'; using built-in keys instead Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: looking for GeoIP2 databases in '/usr/share/GeoIP' Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: using default UDP/IPv4 port range: [32768, 60999] Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: using default UDP/IPv6 port range: [32768, 60999] Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: listening on IPv4 interface lo, 127.0.0.1#53 Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: listening on IPv4 interface enp6s18, 192.168.0.21#53 Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: IPv6 socket API is incomplete; explicitly binding to each IPv6 address separately Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: listening on IPv6 interface lo, ::1#53 Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: listening on IPv6 interface enp6s18, fe80::5054:ff:fe00:21%2#53 Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: generating session key for dynamic DNS Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: sizing zone task pool based on 6 zones Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: none:89: 'max-cache-size 90%' - setting to 14356MB (out of 15951MB) Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: set up managed keys zone for view _default, file '/var/named/dynamic/managed-keys.bind' Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: loading DynDB instance 'ipa' driver '/usr/lib64/bind/ldap.so' Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: bind-dyndb-ldap version 11.9 compiled at 00:00:00 Oct 19 2022, compiler 11.3.1 20220421 (Red Hat 11.3.1-2) Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: SASL mechanisms other than GSSAPI+Kerberos are untested; expect problems Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 10.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 16.172.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 17.172.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 18.172.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 19.172.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 20.172.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 21.172.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 22.172.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 23.172.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 24.172.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 25.172.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 26.172.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 27.172.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 28.172.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 29.172.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 30.172.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 31.172.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 168.192.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 64.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 65.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 66.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 67.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 68.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 69.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 70.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 71.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 72.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 73.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 74.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 75.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 76.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 77.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 78.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 79.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 80.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 81.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 82.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 83.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 84.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 85.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 86.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 87.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 88.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 89.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 90.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 91.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 92.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 93.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 94.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 95.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 96.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 97.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 98.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 99.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 100.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 101.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 102.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 103.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 104.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 105.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 106.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 107.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 108.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 109.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 110.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 111.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 112.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 113.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 114.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 115.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 116.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 117.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 118.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 119.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 120.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 121.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 122.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 123.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 124.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 125.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 126.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 127.100.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 127.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 254.169.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 2.0.192.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 100.51.198.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 113.0.203.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: D.F.IP6.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 8.E.F.IP6.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 9.E.F.IP6.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: A.E.F.IP6.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: B.E.F.IP6.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: EMPTY.AS112.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: automatic empty zone: HOME.ARPA Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: configuring command channel from '/etc/rndc.key' Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: command channel listening on 127.0.0.1#953 Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: configuring command channel from '/etc/rndc.key' Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: command channel listening on ::1#953 Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: managed-keys-zone: loaded serial 8 Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: zone 0.in-addr.arpa/IN: loaded serial 0 Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0 Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: zone 21.172.IN-ADDR.ARPA/IN: shutting down Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: zone 26.172.IN-ADDR.ARPA/IN: shutting down Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: zone 29.172.IN-ADDR.ARPA/IN: shutting down Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: zone 30.172.IN-ADDR.ARPA/IN: shutting down Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: zone 31.172.IN-ADDR.ARPA/IN: shutting down Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: zone 64.100.IN-ADDR.ARPA/IN: shutting down Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: zone 66.100.IN-ADDR.ARPA/IN: shutting down Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: zone 69.100.IN-ADDR.ARPA/IN: shutting down Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: zone 70.100.IN-ADDR.ARPA/IN: shutting down Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: zone 73.100.IN-ADDR.ARPA/IN: shutting down Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: zone 80.100.IN-ADDR.ARPA/IN: shutting down Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: zone 84.100.IN-ADDR.ARPA/IN: shutting down Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: zone 90.100.IN-ADDR.ARPA/IN: shutting down Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: zone 95.100.IN-ADDR.ARPA/IN: shutting down Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: zone 98.100.IN-ADDR.ARPA/IN: shutting down Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: zone 100.100.IN-ADDR.ARPA/IN: shutting down Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: zone 101.100.IN-ADDR.ARPA/IN: shutting down Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: zone 103.100.IN-ADDR.ARPA/IN: shutting down Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: zone 104.100.IN-ADDR.ARPA/IN: shutting down Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: zone 106.100.IN-ADDR.ARPA/IN: shutting down Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: zone 108.100.IN-ADDR.ARPA/IN: shutting down Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: zone 109.100.IN-ADDR.ARPA/IN: shutting down Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: zone 110.100.IN-ADDR.ARPA/IN: shutting down Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: zone 112.100.IN-ADDR.ARPA/IN: shutting down Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: zone 113.100.IN-ADDR.ARPA/IN: shutting down Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: zone 116.100.IN-ADDR.ARPA/IN: shutting down Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: zone 117.100.IN-ADDR.ARPA/IN: shutting down Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: zone 121.100.IN-ADDR.ARPA/IN: shutting down Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: zone 122.100.IN-ADDR.ARPA/IN: shutting down Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: zone 125.100.IN-ADDR.ARPA/IN: shutting down Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: zone 126.100.IN-ADDR.ARPA/IN: shutting down Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: zone 127.100.IN-ADDR.ARPA/IN: shutting down Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: zone 8.B.D.0.1.0.0.2.IP6.ARPA/IN: shutting down Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: zone localhost.localdomain/IN: loaded serial 0 Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: zone localhost/IN: loaded serial 0 Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0 Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: all zones loaded Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: running Mar 31 13:29:53 mserver001p.test.domain.com systemd[1]: Started Berkeley Internet Name Domain (DNS). ░░ Subject: A start job for unit named.service has finished successfully ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit named.service has finished successfully. ░░ ░░ The job identifier is 2126. Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: expected unquoted string near '/' Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: zone test.domain.com/IN: failed to parse policy string Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: expected unquoted string near '/' Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: zone 192.168.in-addr.arpa/IN: failed to parse policy string Mar 31 13:29:53 mserver001p.test.domain.com named[16292]: checkhints: unable to get root NS rrset from cache: not found Mar 31 13:30:21 mserver001p.test.domain.com named[16292]: received control channel command 'sign test.domain.com.' Mar 31 13:31:26 mserver001p.test.domain.com named[16292]: received control channel command 'sign test.domain.com.' Mar 31 13:32:33 mserver001p.test.domain.com named[16292]: received control channel command 'sign test.domain.com.' Mar 31 13:33:38 mserver001p.test.domain.com named[16292]: received control channel command 'sign test.domain.com.' Mar 31 13:34:44 mserver001p.test.domain.com named[16292]: received control channel command 'sign test.domain.com.' Mar 31 13:35:50 mserver001p.test.domain.com named[16292]: received control channel command 'sign test.domain.com.' Mar 31 13:36:55 mserver001p.test.domain.com named[16292]: received control channel command 'sign test.domain.com.' Mar 31 13:38:01 mserver001p.test.domain.com named[16292]: received control channel command 'sign test.domain.com.' Mar 31 13:39:07 mserver001p.test.domain.com named[16292]: received control channel command 'sign test.domain.com.' Mar 31 13:40:13 mserver001p.test.domain.com named[16292]: received control channel command 'sign test.domain.com.' Mar 31 13:41:19 mserver001p.test.domain.com named[16292]: received control channel command 'sign test.domain.com.' Mar 31 13:42:25 mserver001p.test.domain.com named[16292]: received control channel command 'sign test.domain.com.' Mar 31 13:43:31 mserver001p.test.domain.com named[16292]: received control channel command 'sign test.domain.com.' Mar 31 13:44:37 mserver001p.test.domain.com named[16292]: received control channel command 'sign test.domain.com.' Mar 31 13:45:43 mserver001p.test.domain.com named[16292]: received control channel command 'sign test.domain.com.' Mar 31 13:46:49 mserver001p.test.domain.com named[16292]: received control channel command 'sign test.domain.com.' Mar 31 13:47:55 mserver001p.test.domain.com named[16292]: received control channel command 'sign test.domain.com.' Mar 31 13:49:00 mserver001p.test.domain.com named[16292]: received control channel command 'sign test.domain.com.' Mar 31 13:50:06 mserver001p.test.domain.com named[16292]: received control channel command 'sign test.domain.com.' Mar 31 13:51:12 mserver001p.test.domain.com named[16292]: received control channel command 'sign test.domain.com.' Mar 31 13:52:19 mserver001p.test.domain.com named[16292]: received control channel command 'sign test.domain.com.' Mar 31 13:53:25 mserver001p.test.domain.com named[16292]: received control channel command 'sign test.domain.com.' Mar 31 13:54:31 mserver001p.test.domain.com named[16292]: received control channel command 'sign test.domain.com.' Mar 31 13:55:37 mserver001p.test.domain.com named[16292]: received control channel command 'sign test.domain.com.' Mar 31 13:56:43 mserver001p.test.domain.com named[16292]: received control channel command 'sign test.domain.com.' Mar 31 13:57:49 mserver001p.test.domain.com named[16292]: received control channel command 'sign test.domain.com.' Mar 31 13:58:55 mserver001p.test.domain.com named[16292]: received control channel command 'sign test.domain.com.' Mar 31 14:00:00 mserver001p.test.domain.com named[16292]: received control channel command 'sign test.domain.com.' Mar 31 14:01:06 mserver001p.test.domain.com named[16292]: received control channel command 'sign test.domain.com.' Mar 31 14:02:12 mserver001p.test.domain.com named[16292]: received control channel command 'sign test.domain.com.' Mar 31 14:03:18 mserver001p.test.domain.com named[16292]: received control channel command 'sign test.domain.com.' Mar 31 14:04:24 mserver001p.test.domain.com named[16292]: received control channel command 'sign test.domain.com.' Mar 31 14:05:30 mserver001p.test.domain.com named[16292]: received control channel command 'sign test.domain.com.' Mar 31 14:06:36 mserver001p.test.domain.com named[16292]: received control channel command 'sign test.domain.com.' Mar 31 14:07:42 mserver001p.test.domain.com named[16292]: received control channel command 'sign test.domain.com.' Mar 31 14:08:48 mserver001p.test.domain.com named[16292]: received control channel command 'sign test.domain.com.' Mar 31 14:09:54 mserver001p.test.domain.com named[16292]: received control channel command 'sign test.domain.com.' Mar 31 14:11:00 mserver001p.test.domain.com named[16292]: received control channel command 'sign test.domain.com.' Mar 31 14:12:06 mserver001p.test.domain.com named[16292]: received control channel command 'sign test.domain.com.' Mar 31 14:13:13 mserver001p.test.domain.com named[16292]: received control channel command 'sign test.domain.com.' Mar 31 14:14:19 mserver001p.test.domain.com named[16292]: received control channel command 'sign test.domain.com.' Mar 31 14:15:25 mserver001p.test.domain.com named[16292]: received control channel command 'sign test.domain.com.' Mar 31 14:16:30 mserver001p.test.domain.com named[16292]: received control channel command 'sign test.domain.com.' Mar 31 14:17:36 mserver001p.test.domain.com named[16292]: received control channel command 'sign test.domain.com.' Mar 31 14:18:42 mserver001p.test.domain.com named[16292]: received control channel command 'sign test.domain.com.' Mar 31 14:19:49 mserver001p.test.domain.com named[16292]: received control channel command 'sign test.domain.com.' Mar 31 14:20:55 mserver001p.test.domain.com named[16292]: received control channel command 'sign test.domain.com.' Mar 31 14:22:01 mserver001p.test.domain.com named[16292]: received control channel command 'sign test.domain.com.' Mar 31 14:23:08 mserver001p.test.domain.com named[16292]: received control channel command 'sign test.domain.com.' Mar 31 14:24:10 mserver001p.test.domain.com systemd[1]: Stopping Berkeley Internet Name Domain (DNS)... ░░ Subject: A stop job for unit named.service has begun execution ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A stop job for unit named.service has begun execution. ░░ ░░ The job identifier is 17154. Mar 31 14:24:10 mserver001p.test.domain.com named[16292]: received control channel command 'stop' Mar 31 14:24:10 mserver001p.test.domain.com named[16292]: no longer listening on 127.0.0.1#53 Mar 31 14:24:10 mserver001p.test.domain.com named[16292]: no longer listening on 192.168.0.21#53 Mar 31 14:24:10 mserver001p.test.domain.com named[16292]: no longer listening on ::1#53 Mar 31 14:24:10 mserver001p.test.domain.com named[16292]: no longer listening on fe80::5054:ff:fe00:21%2#53 Mar 31 14:24:10 mserver001p.test.domain.com named[16292]: shutting down: flushing changes Mar 31 14:24:10 mserver001p.test.domain.com named[16292]: stopping command channel on 127.0.0.1#953 Mar 31 14:24:10 mserver001p.test.domain.com named[16292]: stopping command channel on ::1#953 Mar 31 14:24:10 mserver001p.test.domain.com named[16292]: exiting Mar 31 14:24:10 mserver001p.test.domain.com systemd[1]: named.service: Deactivated successfully. ░░ Subject: Unit succeeded ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ The unit named.service has successfully entered the 'dead' state. Mar 31 14:24:10 mserver001p.test.domain.com systemd[1]: Stopped Berkeley Internet Name Domain (DNS). ░░ Subject: A stop job for unit named.service has finished ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A stop job for unit named.service has finished. ░░ ░░ The job identifier is 17154 and the job result is done. Mar 31 14:24:10 mserver001p.test.domain.com systemd[1]: named.service: Consumed 2.956s CPU time. ░░ Subject: Resources consumed by unit runtime ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ The unit named.service completed and consumed the indicated resources. Mar 31 14:24:10 mserver001p.test.domain.com systemd[1]: Starting Berkeley Internet Name Domain (DNS)... ░░ Subject: A start job for unit named.service has begun execution ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit named.service has begun execution. ░░ ░░ The job identifier is 17154. Mar 31 14:24:10 mserver001p.test.domain.com bash[21217]: zone localhost.localdomain/IN: loaded serial 0 Mar 31 14:24:10 mserver001p.test.domain.com bash[21217]: zone localhost/IN: loaded serial 0 Mar 31 14:24:10 mserver001p.test.domain.com bash[21217]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0 Mar 31 14:24:10 mserver001p.test.domain.com bash[21217]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0 Mar 31 14:24:10 mserver001p.test.domain.com bash[21217]: zone 0.in-addr.arpa/IN: loaded serial 0 Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: starting BIND 9.16.23-RH (Extended Support Version) id:fde3b1f Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: running on Linux x86_64 5.14.0-162.22.2.el9_1.x86_64 #1 SMP PREEMPT_DYNAMIC Wed Mar 15 14:44:24 EDT 2023 Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: built with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-python=/usr/bin/python3' '--with-libtool' '--localstatedir=/var' '--with-pic' '--disable-static' '--includedir=/usr/include/bind9' '--with-tuning=large' '--with-libidn2' '--with-maxminddb' '--with-dlopen=yes' '--with-gssapi=yes' '--with-lmdb=yes' '--without-libjson' '--with-json-c' '--enable-dnstap' '--enable-fixed-rrset' '--enable-full-report' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CC=gcc' 'CFLAGS= -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64-v2 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection' 'LDFLAGS=-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 ' 'LT_SYS_LIBRARY_PATH=/usr/lib64:' 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig' Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: running as: named -u named -c /etc/named.conf -E pkcs11 Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: compiled by GCC 11.3.1 20220421 (Red Hat 11.3.1-2) Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: compiled with OpenSSL version: OpenSSL 3.0.1 14 Dec 2021 Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: linked to OpenSSL version: OpenSSL 3.0.1 14 Dec 2021 Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: compiled with libxml2 version: 2.9.13 Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: linked to libxml2 version: 20913 Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: compiled with json-c version: 0.14 Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: linked to json-c version: 0.14 Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: compiled with zlib version: 1.2.11 Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: linked to zlib version: 1.2.11 Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: ---------------------------------------------------- Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: BIND 9 is maintained by Internet Systems Consortium, Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: Inc. (ISC), a non-profit 501(c)(3) public-benefit Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: corporation. Support and training for BIND 9 are Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: available at https://www.isc.org/support Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: ---------------------------------------------------- Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: adjusted limit on open files from 524288 to 1048576 Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: found 4 CPUs, using 4 worker threads Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: using 4 UDP listeners per interface Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: using up to 21000 sockets Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: loading configuration from '/etc/named.conf' Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: unable to open '/etc/bind.keys'; using built-in keys instead Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: looking for GeoIP2 databases in '/usr/share/GeoIP' Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: using default UDP/IPv4 port range: [32768, 60999] Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: using default UDP/IPv6 port range: [32768, 60999] Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: listening on IPv4 interface lo, 127.0.0.1#53 Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: listening on IPv4 interface enp6s18, 192.168.0.21#53 Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: IPv6 socket API is incomplete; explicitly binding to each IPv6 address separately Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: listening on IPv6 interface lo, ::1#53 Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: listening on IPv6 interface enp6s18, fe80::5054:ff:fe00:21%2#53 Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: generating session key for dynamic DNS Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: sizing zone task pool based on 6 zones Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: none:89: 'max-cache-size 90%' - setting to 14356MB (out of 15951MB) Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: set up managed keys zone for view _default, file '/var/named/dynamic/managed-keys.bind' Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: loading DynDB instance 'ipa' driver '/usr/lib64/bind/ldap.so' Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: bind-dyndb-ldap version 11.9 compiled at 00:00:00 Oct 19 2022, compiler 11.3.1 20220421 (Red Hat 11.3.1-2) Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: SASL mechanisms other than GSSAPI+Kerberos are untested; expect problems Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 10.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 16.172.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 17.172.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 18.172.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 19.172.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 20.172.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 21.172.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 22.172.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 23.172.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 24.172.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 25.172.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 26.172.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 27.172.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 28.172.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 29.172.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 30.172.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 31.172.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 168.192.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 64.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 65.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 66.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 67.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 68.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 69.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 70.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 71.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 72.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 73.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 74.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 75.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 76.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 77.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 78.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 79.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 80.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 81.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 82.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 83.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 84.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 85.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 86.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 87.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 88.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 89.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 90.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 91.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 92.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 93.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 94.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 95.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 96.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 97.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 98.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 99.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 100.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 101.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 102.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 103.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 104.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 105.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 106.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 107.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 108.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 109.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 110.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 111.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 112.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 113.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 114.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 115.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 116.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 117.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 118.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 119.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 120.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 121.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 122.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 123.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 124.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 125.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 126.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 127.100.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 127.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 254.169.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 2.0.192.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 100.51.198.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 113.0.203.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: D.F.IP6.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 8.E.F.IP6.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 9.E.F.IP6.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: A.E.F.IP6.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: B.E.F.IP6.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: EMPTY.AS112.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: automatic empty zone: HOME.ARPA Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: configuring command channel from '/etc/rndc.key' Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: command channel listening on 127.0.0.1#953 Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: configuring command channel from '/etc/rndc.key' Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: command channel listening on ::1#953 Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: managed-keys-zone: loaded serial 9 Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: zone 0.in-addr.arpa/IN: loaded serial 0 Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: zone 20.172.IN-ADDR.ARPA/IN: shutting down Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: zone 65.100.IN-ADDR.ARPA/IN: shutting down Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: zone 68.100.IN-ADDR.ARPA/IN: shutting down Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: zone 70.100.IN-ADDR.ARPA/IN: shutting down Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: zone 71.100.IN-ADDR.ARPA/IN: shutting down Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: zone 74.100.IN-ADDR.ARPA/IN: shutting down Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: zone 76.100.IN-ADDR.ARPA/IN: shutting down Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: zone 77.100.IN-ADDR.ARPA/IN: shutting down Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: zone 79.100.IN-ADDR.ARPA/IN: shutting down Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: zone 80.100.IN-ADDR.ARPA/IN: shutting down Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: zone 82.100.IN-ADDR.ARPA/IN: shutting down Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: zone 84.100.IN-ADDR.ARPA/IN: shutting down Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: zone 85.100.IN-ADDR.ARPA/IN: shutting down Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: zone 96.100.IN-ADDR.ARPA/IN: shutting down Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: zone 101.100.IN-ADDR.ARPA/IN: shutting down Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: zone 103.100.IN-ADDR.ARPA/IN: shutting down Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: zone 105.100.IN-ADDR.ARPA/IN: shutting down Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: zone 106.100.IN-ADDR.ARPA/IN: shutting down Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: zone 108.100.IN-ADDR.ARPA/IN: shutting down Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: zone 110.100.IN-ADDR.ARPA/IN: shutting down Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: zone 111.100.IN-ADDR.ARPA/IN: shutting down Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: zone 112.100.IN-ADDR.ARPA/IN: shutting down Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: zone 113.100.IN-ADDR.ARPA/IN: shutting down Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: zone 114.100.IN-ADDR.ARPA/IN: shutting down Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: zone 115.100.IN-ADDR.ARPA/IN: shutting down Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: zone 116.100.IN-ADDR.ARPA/IN: shutting down Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: zone 119.100.IN-ADDR.ARPA/IN: shutting down Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: zone 120.100.IN-ADDR.ARPA/IN: shutting down Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: zone 121.100.IN-ADDR.ARPA/IN: shutting down Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: zone 122.100.IN-ADDR.ARPA/IN: shutting down Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: zone 123.100.IN-ADDR.ARPA/IN: shutting down Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: zone 124.100.IN-ADDR.ARPA/IN: shutting down Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: zone 125.100.IN-ADDR.ARPA/IN: shutting down Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: zone 126.100.IN-ADDR.ARPA/IN: shutting down Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: zone 254.169.IN-ADDR.ARPA/IN: shutting down Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0 Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: zone localhost.localdomain/IN: loaded serial 0 Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: zone localhost/IN: loaded serial 0 Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0 Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: expected unquoted string near '/' Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: zone test.domain.com/IN: failed to parse policy string Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: all zones loaded Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: running Mar 31 14:24:10 mserver001p.test.domain.com systemd[1]: Started Berkeley Internet Name Domain (DNS). ░░ Subject: A start job for unit named.service has finished successfully ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit named.service has finished successfully. ░░ ░░ The job identifier is 17154. Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: expected unquoted string near '/' Mar 31 14:24:10 mserver001p.test.domain.com named[21219]: zone 192.168.in-addr.arpa/IN: failed to parse policy string Mar 31 14:24:14 mserver001p.test.domain.com named[21219]: received control channel command 'sign test.domain.com.' Mar 31 14:24:14 mserver001p.test.domain.com named[21219]: checkhints: unable to get root NS rrset from cache: not found Mar 31 14:25:19 mserver001p.test.domain.com named[21219]: received control channel command 'sign test.domain.com.' Mar 31 14:26:01 mserver001p.test.domain.com named[21219]: received control channel command 'sign test.domain.com.' Mar 31 14:27:07 mserver001p.test.domain.com named[21219]: received control channel command 'sign test.domain.com.' Mar 31 14:28:13 mserver001p.test.domain.com named[21219]: received control channel command 'sign test.domain.com.' Mar 31 14:29:19 mserver001p.test.domain.com named[21219]: received control channel command 'sign test.domain.com.' Mar 31 14:30:25 mserver001p.test.domain.com named[21219]: received control channel command 'sign test.domain.com.' Mar 31 14:31:31 mserver001p.test.domain.com named[21219]: received control channel command 'sign test.domain.com.' Mar 31 14:32:37 mserver001p.test.domain.com named[21219]: received control channel command 'sign test.domain.com.' Mar 31 14:33:43 mserver001p.test.domain.com named[21219]: received control channel command 'sign test.domain.com.' Mar 31 14:34:49 mserver001p.test.domain.com named[21219]: received control channel command 'sign test.domain.com.' Mar 31 14:35:55 mserver001p.test.domain.com named[21219]: received control channel command 'sign test.domain.com.' Mar 31 14:37:00 mserver001p.test.domain.com named[21219]: received control channel command 'sign test.domain.com.' Mar 31 14:37:09 mserver001p.test.domain.com named[21219]: no longer listening on 192.168.0.21#53 Mar 31 14:38:35 mserver001p.test.domain.com named[21219]: no longer listening on fe80::5054:ff:fe00:21%2#53 Mar 31 14:38:35 mserver001p.test.domain.com named[21219]: listening on IPv4 interface enp6s18, 192.168.0.21#53 Mar 31 14:39:14 mserver001p.test.domain.com named[21219]: received control channel command 'sign test.domain.com.' Mar 31 14:40:20 mserver001p.test.domain.com named[21219]: received control channel command 'sign test.domain.com.' Mar 31 14:41:25 mserver001p.test.domain.com named[21219]: received control channel command 'sign test.domain.com.' Mar 31 14:42:32 mserver001p.test.domain.com named[21219]: received control channel command 'sign test.domain.com.' Mar 31 14:43:38 mserver001p.test.domain.com named[21219]: received control channel command 'sign test.domain.com.' Mar 31 14:44:43 mserver001p.test.domain.com named[21219]: received control channel command 'sign test.domain.com.' Mar 31 14:45:49 mserver001p.test.domain.com named[21219]: received control channel command 'sign test.domain.com.' Mar 31 14:46:55 mserver001p.test.domain.com named[21219]: received control channel command 'sign test.domain.com.' Mar 31 14:48:01 mserver001p.test.domain.com named[21219]: received control channel command 'sign test.domain.com.'
rcrit suggested to add those records also: ipa dnszone-find Zone name: 168.192.in-addr.arpa. Active zone: True Authoritative nameserver: mserver001p.test.domain.com. Administrator e-mail address: hostmaster.test.domain.com. SOA serial: 1680032832 SOA refresh: 3600 SOA retry: 900 SOA expire: 1209600 SOA minimum: 3600 BIND update policy: grant TEST.DOMAIN.COM krb5-subdomain 168.192.in- addr.arpa. PTR; Dynamic update: True Allow query: any; Allow transfer: none;
Zone name: test.domain.com. Active zone: True Authoritative nameserver: mserver001p.test.domain.com. Administrator e-mail address: hostmaster.test.domain.com. SOA serial: 1680033447 SOA refresh: 3600 SOA retry: 900 SOA expire: 1209600 SOA minimum: 3600 BIND update policy: grant TEST.DOMAIN.COM krb5-self * A; grant TEST.DOMAIN.COM krb5-self * AAAA; grant TEST.DOMAIN.COM krb5-self * SSHFP; Dynamic update: True Allow query: any; Allow transfer: none; ---------------------------- Number of entries returned 2 ----------------------------
so I've narrowed the problem down. installing pure freeipa is working just fine. My problems start arising after I add dns proxy to katello: https://docs.theforeman.org/3.5/Installing_Server/index-katello.html#configu.... I have 4 ipa servers 1 master 3 replicas, each replica has all the options installed on them and I've moved the cert renewal server to replica 1, cert revocation list to replica 2, dnssec key master server to replica 3, I've tested using freeipa as is, for the last 2 days no problem, last night I've reinstalled katello and added the dns smart proxy option to check and as soon as I did that It broke my dns on freeipa, not sure what caused the problem. I've added all the logs from named down to Rafaels answer. Hope there is something that I'm not seeing and that its not a bug that I just found. freeipa is on rhel 9.1. foreman+katello is on rhel 8.7, freeipa servers are subscribed to katello for repos, katello is subscibed to freeipa as a clie nt.
freeipa-users@lists.fedorahosted.org