Hi folks,
I am confused: when setting up a new FreeIPA service (CentOS 7.5) using
ipa-server-install or ipa-dns-install, it asks me
Do you want to search for missing reverse zones? [yes]: yes
But then it did not create a reverse zone :-(.
This doesn't look documented. There is no "--no-reverse", it
did not list any reverse zones it has found, so it should have asked
"Do you want to configure the reverse zone?".
How can I tell ipa-dns-install to create a reverse zone (no matter
what), suitable for dynamic updates, before it adds its own host
name and IPv4 address to the database?
Every helpful comment is highly appreciated.
Harri
-------------------------------------------------------------------------
[root@idms01 centos]# ipa-dns-install
The log file for this installation can be found in /var/log/ipaserver-install.log
==============================================================================
This program will setup DNS for the IPA Server.
This includes:
* Configure DNS (bind)
* Configure SoftHSM (required by DNSSEC)
* Configure ipa-dnskeysyncd (required by DNSSEC)
NOTE: DNSSEC zone signing is not enabled by default
To accept the default shown in brackets, press the Enter key.
Do you want to configure DNS forwarders? [yes]:
Following DNS servers are configured in /etc/resolv.conf: 127.0.0.1
Do you want to configure these servers as DNS forwarders? [yes]: no
Enter an IP address for a DNS forwarder, or press Enter to skip: 1.1.1.1
DNS forwarder 1.1.1.1 added. You may add another.
Enter an IP address for a DNS forwarder, or press Enter to skip:
Checking DNS forwarders, please wait ...
Do you want to search for missing reverse zones? [yes]: yes
The following operations may take some minutes to complete.
Please wait until the prompt is returned.
Configuring DNS (named)
[1/9]: generating rndc key file
[2/9]: setting up our zone
[3/9]: setting up our own record
[4/9]: adding NS record to the zones
[5/9]: setting up kerberos principal
[6/9]: setting up named.conf
[7/9]: setting up server configuration
[8/9]: configuring named to start on boot
[9/9]: changing resolv.conf to point to ourselves
Done configuring DNS (named).
Restarting the web server to pick up resolv.conf changes
Configuring DNS key synchronization service (ipa-dnskeysyncd)
[1/7]: checking status
[2/7]: setting up bind-dyndb-ldap working directory
[3/7]: setting up kerberos principal
[4/7]: setting up SoftHSM
[5/7]: adding DNSSEC containers
[6/7]: creating replica keys
[7/7]: configuring ipa-dnskeysyncd to start on boot
Done configuring DNS key synchronization service (ipa-dnskeysyncd).
Restarting ipa-dnskeysyncd
Restarting named
Updating DNS system records
==============================================================================
Setup complete
Global DNS configuration in LDAP server is empty
You can use 'dnsconfig-mod' command to set global DNS options that
would override settings in local named.conf files
You must make sure these network ports are open:
TCP Ports:
* 53: bind
UDP Ports:
* 53: bind
[root@idms01 centos]# ipa dnszone-find
Zone name: example.eu.
Active zone: TRUE
Authoritative nameserver: idms01.example.eu.
Administrator e-mail address: hostmaster.example.eu.
SOA serial: 1533217523
SOA refresh: 3600
SOA retry: 900
SOA expire: 1209600
SOA minimum: 3600
Allow query: any;
Allow transfer: none;
----------------------------
Number of entries returned 1
----------------------------