ipa-replica-manage DNS backend issues? - FreeIPA-users - Fedora mailing-lists

21 Dec 2017

      Hi,
Running IPA-server 4.5.0-21
I lost 2/3 IPA servers from power failure, replication didn't recover. I
want to drop the replicas and add new ones, but can't see a list of
replicas. It's giving me SERVFAIL for google DNS which seems unlikely.
Anyone know of a trick forward to recovery?
[root@auth1 root]# ipa-replica-manage list
ipa: ERROR: DNS query for auth1.example.com. A failed: All nameservers
failed to answer the query auth1.example.com. IN A: Server 8.8.8.8 UDP port
53 answered SERVFAIL
Re-run /sbin/ipa-replica-manage with --verbose option to get more
information
Unexpected error: All nameservers failed to answer the query
gvoauth1.gvoperations.com. IN A: Server 8.8.8.8 UDP port 53 answered
SERVFAIL
The worst part: it seems like DNS works great and FreeIPA has hit a snag. =(
# from freeipa
[root@auth1 iptables]# dig google.com @8.8.8.8
;; ANSWER SECTION:
google.com. 299 IN A 216.58.218.110
# from workstation to freeipa server
mac:~$ dig google.com @auth1
; <<>> DiG 9.8.3-P1 <<>> google.com @auth1
;; global options: +cmd
;; ANSWER SECTION:
google.com. 300 IN A 216.58.218.110
-- 

This email and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity to whom they are addressed. 
If you have received this email in error, please notify the system manager. 
Please note that any views or opinions presented in this email are solely 
those of the author and do not necessarily represent those of the company. 
Finally, the recipient should check this email and any attachments for the 
presence of viruses. The company accepts no liability for any damage caused 
by any virus transmitted by this email.