Hi,
After I did an "ipa server-del", I was expecting that the SRV and URI records were cleaned up as well. But they weren't. I'm talking about DNS records like _kerberos.example.com, _kerberos_tcp.example.com, _ldap_tcp.example.com, etc.
Is this a known issue? Am I expected to clean up these entries myself after an ipa server-del?
On Fri, 15 Nov 2024, Kees Bakker via FreeIPA-users wrote:
> Hi,
> After I did an "ipa server-del", I was expecting that the SRV and URI records were cleaned up as well. But they weren't. I'm talking about DNS records like _kerberos.example.com, _kerberos_tcp.example.com, _ldap_tcp.example.com, etc.
> Is this a known issue? Am I expected to clean up these entries myself after an ipa server-del?
It does clean up DNS server entries if integrated DNS is enabled:
 - removes master DNS records for the replica
 - removes DNSSEC public keys associated with that replica

If any of those operations failed, you'll get a message returned as a part of the command. There are two messages:

    self.add_message(
        messages.ServerRemovalWarning(
            message=_(
                "Failed to cleanup %(hostname)s DNS entries: "
                "%(err)s") % dict(hostname=hostname, err=e)))

    self.add_message(
        messages.ServerRemovalWarning(
            message=_("You may need to manually remove them from the "
                      "tree")))
On 15-11-2024 14:01, Alexander Bokovoy wrote:
> It does clean up DNS server entries if integrated DNS is enabled:
>  - removes master DNS records for the replica
>  - removes DNSSEC public keys associated with that replica
>
> If any of those operations failed, you'll get a message returned as a part of the command. There are two messages:
>
>     self.add_message(
>         messages.ServerRemovalWarning(
>             message=_(
>                 "Failed to cleanup %(hostname)s DNS entries: "
>                 "%(err)s") % dict(hostname=hostname, err=e)))
>
>     self.add_message(
>         messages.ServerRemovalWarning(
>             message=_("You may need to manually remove them from the "
>                       "tree")))
Well, in my case it didn't clean up the above-mentioned records. There are still 15 SRV and URI records where the removed server is listed.
The NS record for the deleted server is correctly removed.
The ipa server-del command completed without error.
I don't mind cleaning up manually if that can be done from the command line.
On Fri, 15 Nov 2024, Kees Bakker wrote:
> Well, in my case it didn't clean up the above-mentioned records. There are still 15 SRV and URI records where the removed server is listed.
You can try to run what it was supposed to run, as a part of IPA console on an IPA server:
    # ipa -e in_server=true console
    (Custom IPA interactive Python console)
        api: IPA API object
        pp: pretty printer
    from ipaserver.install import bindinstance
    bindinstance.remove_master_dns_records('fqdn-of-old-server', api.env.realm)
This should print a few messages as it goes through the removal. I haven't tried it myself, though -- I don't have a spare server to remove at this moment.
On 15-11-2024 19:13, Alexander Bokovoy wrote:
> You can try to run what it was supposed to run, as a part of IPA console on an IPA server:
>
>     # ipa -e in_server=true console
>     (Custom IPA interactive Python console)
>         api: IPA API object
>         pp: pretty printer
>     from ipaserver.install import bindinstance
>     bindinstance.remove_master_dns_records('fqdn-of-old-server', api.env.realm)
>
> This should print a few messages as it goes through the removal. I haven't tried it myself, though -- I don't have a spare server to remove at this moment.
Great. That worked. It's good to have this fallback in case it happens again. Thanks Alexander.
freeipa-users@lists.fedorahosted.org
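A check for leftover records like the ones discussed in this thread, as an added example that is not part of the original messages or of FreeIPA's own code: it scans zone data in DNS master-file format (for instance the saved output of a zone transfer) for SRV and URI records whose target is the removed server. The sample zone text, the host names and the function names are constructed for illustration.

```python
import re

# Constructed sample in DNS master-file format; hosts and values are made up.
SAMPLE_ZONE = """\
_kerberos._tcp.example.com. 3600 IN SRV 0 100 88 ipa1.example.com.
_kerberos._tcp.example.com. 3600 IN SRV 0 100 88 old.example.com.
_ldap._tcp.example.com.     3600 IN SRV 0 100 389 OLD.example.com.
_ldap._tcp.example.com.     3600 IN SRV 0 100 389 cold.example.com.
_kerberos.example.com.      3600 IN URI 0 100 "krb5srv:m:tcp:old.example.com."
_kerberos.example.com.      3600 IN URI 0 100 "krb5srv:m:udp:ipa1.example.com."
example.com.                3600 IN NS  ipa1.example.com.
"""

HOSTNAME = re.compile(r"[A-Za-z0-9_-]+(?:\.[A-Za-z0-9_-]+)+\.?")

def normalize(name):
    """Lower-case and drop the trailing dot so names compare exactly."""
    return name.rstrip(".").lower()

def record_targets(rtype, rdata):
    """Return the host names a SRV or URI record points at."""
    if rtype == "SRV":
        fields = rdata.split()
        # SRV rdata: priority weight port target
        return [normalize(fields[3])] if len(fields) == 4 else []
    if rtype == "URI":
        # URI rdata: priority weight "target"; the host sits inside the URI.
        parts = rdata.split(None, 2)
        uri = parts[2].strip('"') if len(parts) == 3 else ""
        return [normalize(h) for h in HOSTNAME.findall(uri)]
    return []

def stale_records(zone_text, removed_fqdn):
    """List (owner, type, rdata) for SRV/URI records naming removed_fqdn."""
    removed = normalize(removed_fqdn)
    hits = []
    for line in zone_text.splitlines():
        fields = line.split(None, 4)   # owner ttl class type rdata
        if len(fields) < 5 or fields[3].upper() not in ("SRV", "URI"):
            continue
        owner, rtype, rdata = fields[0], fields[3].upper(), fields[4].strip()
        if removed in record_targets(rtype, rdata):
            hits.append((owner, rtype, rdata))
    return hits

if __name__ == "__main__":
    for owner, rtype, rdata in stale_records(SAMPLE_ZONE, "old.example.com"):
        print(owner, rtype, rdata)
```

Names are compared whole rather than by substring, so cold.example.com is not reported when checking for old.example.com; an empty result means no SRV or URI record still names the removed server.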