Kristian Petersen via FreeIPA-users wrote:
Hey all,
I am using IPA for my DNS and have 3 total servers in the group. 2 of
them are responding to queries just fine, but the 3rd (which is bare
metal, not a VM like the others) is not resolving the queries issued to
it. Running ipactl status returns all services running:
[root@ipa3 /]# ipactl status
Directory Service: RUNNING
krb5kdc Service: RUNNING
kadmin Service: RUNNING
*named Service: RUNNING *
httpd Service: RUNNING
ipa-custodia Service: RUNNING
ntpd Service: RUNNING
pki-tomcatd Service: RUNNING
ipa-otpd Service: RUNNING
ipa-dnskeysyncd Service: RUNNING
ipa: INFO: The ipactl command was successful
We tried restarting the services, but that didn't change anything. Next we
tried to do a forced sync of the server with one of its working replicas:
ipa-replica-manage force-sync --from ipa1.example.com
We also tried re-initializing the non-working replica:
ipa-replica-manage re-initialize --from ipa1.example.com
However, it still won't resolve any queries directed to it. Any ideas
of what to try next?
Can you clarify what "doesn't resolve" means?
Is dig timing out, returning the wrong data, etc? Is that on the same
host or another host? What do the bind logs show? journalctl?
rob