9:48 a.m.
FreeIPA 4.9.6 One Server.
I made a big mistake - accidentally deleted NS record from my dns zone and reload named.
Zone configured via dyndb
Now the dns server is not starting - zone company.local/IN: has no NS records
If I try to add ns record from command line
ipa dnsrecord-add gisw.ru @ --ns-hostname=vm-it-ipa1.company.local.
ipa: ERROR: All nameservers failed to answer the query vm-it-ipa1.company.local.ru. IN A:
Server 127.0.0.1 UDP port 53 answered SERVFAIL
I'm stumped....
12:05 p.m.
Nikolay Sukhno via FreeIPA-users wrote:
FreeIPA 4.9.6 One Server.
I made a big mistake - accidentally deleted NS record from my dns zone and reload named.
Zone configured via dyndb
Now the dns server is not starting - zone company.local/IN: has no NS records
If I try to add ns record from command line
ipa dnsrecord-add gisw.ru @ --ns-hostname=vm-it-ipa1.company.local.
ipa: ERROR: All nameservers failed to answer the query vm-it-ipa1.company.local.ru. IN A:
Server 127.0.0.1 UDP port 53 answered SERVFAIL
I'm stumped....
I'd try adding --force to the dnsrecord-add command.
If that fails below is what the NS record on my vanilla, standalone test
deployment looks like. You could try customizing this and using ldapadd
to add the entry to see if that will bring the server back up.
rob
dn: idnsname=example.test.,cn=dns,dc=example,dc=test
idnsname: @
nsrecord: ipa.example.test.
idnsAllowDynUpdate: TRUE
idnsAllowQuery: any;
idnsAllowTransfer: none;
idnsSOAexpire: 1209600
idnsSOAmName: ipa.example.test.
idnsSOAminimum: 3600
idnsSOArName: hostmaster.example.test.
idnsSOArefresh: 3600
idnsSOAretry: 900
idnsSOAserial: 1643518803
idnsUpdatePolicy: grant EXAMPLE.TEST krb5-self * A; grant EXAMPLE.TEST
krb5-self * AAAA; grant EXAMPLE.TEST krb5-self * SSHFP;
idnsZoneActive: TRUE
objectClass: top
objectClass: idnsrecord
objectClass: idnszone
2:04 a.m.
Thanks for the answer!
--force key helped!
Feeling very stupid that I didn't see what he was. But I have a small excuse, there is
not a word about it in the documentation
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/...
9 a.m.
Nikolay Sukhno via FreeIPA-users wrote:
Thanks for the answer!
--force key helped!
Feeling very stupid that I didn't see what he was. But I have a small excuse, there
is not a word about it in the documentation
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/...
I'm not sure you said what release you're running but RHEL 6 is quite
old now, I think running v3.3.x.
The force option was added to the UI as "Skip DNS check" in IPA 4.2.0. I
think the option has been in the cli for quite a while.
rob
823
days inactive
824
days old
freeipa-users@lists.fedorahosted.org
3 comments
2 participants
participants (2)
-
Nikolay Sukhno -
Rob Crittenden