On Sun, 03 Mar 2019, Vivek Aggarwal via FreeIPA-users wrote:
BTW, I've created a new machine with the following settings, by
abandoning the ".local" TLD:
Hostname : testing-infra-01-dal1.testing.stg.avtar.test
realm_name: avtar.test
domain_name: avtar.test
But still getting the same error as below
+++++++++++++++++++++++++++++++
ipapython.dnsutil: ERROR DNS query for testing-infra-01-dal13.testing.stg.avtar.test.1
failed: All nameservers failed to answer the query
testing-infra-01-dal13.testing.stg.avtar.test. IN A: Server 127.0.0.1 UDP port 53 answered
SERVFAIL
ipaserver.dns_data_management: ERROR unable to resolve host name
testing-infra-01-dal13.testing.stg.avtar.test. to IP address, ipa-ca DNS record will be
incomplete
++++++++++++++++++++++++++++++++++++
And the entry in resolv.conf is as below:
search avtar.test
nameserver 127.0.0.1
+++++++++++++++++++++++++++++++
But if I give "testing.stg.avtar.test" as my domain & realm name then
things just work fine without any errors. Any comments on this
behaviour? Why is it working in this case?
The installer is not accounting for such configurations, and for a good
reason. First, if your primary domain and realm are avtar.test,
.stg.avtar.test and .testing.stg.avtar.test are two DNS zones nested
within avtar.test. For a DNS zone you need to properly set it up within
the parent domain. There is no such thing as multi-dot host names
inside a DNS domain zone. See RFC 1034 section 3.5:
----
The labels must follow the rules for ARPANET host names. They must
start with a letter, end with a letter or digit, and have as interior
characters only letters, digits, and hyphen. There are also some
restrictions on the length. Labels must be 63 characters or less.
----
Second, for integrated DNS it is the IPA master that you are deploying right
now which is authoritative for avtar.test. It doesn't know anything
about any child DNS zone in avtar.test at the time of deployment because
by definition the zone is being created at this point and is empty.
You may create an IPA master outside the primary domain, if the DNS zone
for that master's hostname is handled by something else resolvable at
the moment of deployment via DNS (not /etc/hosts).
I'd suggest you set up an IPA master in avtar.test. Then you can
create .stg.avtar.test and .staging.stg.avtar.test zones. Finally,
deploy a replica in .staging.stg.avtar.test.
If you need different environments for avtar.test and stg.avtar.test
(it looks like stg is a staging deployment?), I'd suggest deploying
stg.avtar.test as the main staging environment separately from
avtar.test. You can make sure avtar.test properly delegates
.stg.avtar.test to your staging environment.
See also the DNS autodiscovery section in the ipa-client-install manual page.
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
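Added example, not FreeIPA's own code: a small pre-flight check that applies the reasoning in this reply. It validates each hostname label against the RFC 1034 rule quoted above and lists the nested zones between the IPA DNS domain and the zone holding the host, each of which the parent must delegate before the installer can resolve the host. The hostnames and domains are the ones from this thread; the function names are invented for the example.

```python
import re

# RFC 1034 section 3.5, as quoted in the reply: a label starts with a letter,
# ends with a letter or digit, has only letters, digits and hyphens inside,
# and is at most 63 characters. (RFC 1123 later allowed a leading digit; this
# check deliberately follows the stricter text quoted above.)
_LABEL_RE = re.compile(r"^[A-Za-z](?:[A-Za-z0-9-]*[A-Za-z0-9])?$")


def valid_label(label: str) -> bool:
    return len(label) <= 63 and _LABEL_RE.match(label) is not None


def _labels(name: str) -> list:
    # DNS names compare case-insensitively; a trailing dot is just FQDN notation.
    return name.rstrip(".").lower().split(".")


def check_master_hostname(hostname: str, domain: str) -> dict:
    """Classify an IPA master hostname relative to the IPA DNS domain.

    Returns the labels that break RFC 1034, whether the host lies inside the
    domain, the zone its A record would live in, and the (child, parent)
    delegations that must already exist for the host to be resolvable at
    deployment time.  A host outside the domain is allowed only if some other
    DNS server (not /etc/hosts) resolves it, as the reply explains.
    """
    host_labels = _labels(hostname)
    dom_labels = _labels(domain)
    bad = [lbl for lbl in host_labels if not valid_label(lbl)]
    host_zone = ".".join(host_labels[1:])
    in_domain = (len(host_labels) > len(dom_labels)
                 and host_labels[-len(dom_labels):] == dom_labels)
    delegations = []
    if in_domain:
        # Every label between the IPA domain and the host's own zone is a
        # nested zone that its parent must delegate (NS records) to.
        parent = ".".join(dom_labels)
        for i in range(len(host_labels) - len(dom_labels) - 1, 0, -1):
            child = ".".join(host_labels[i:])
            delegations.append((child, parent))
            parent = child
    return {"bad_labels": bad, "in_domain": in_domain,
            "host_zone": host_zone, "delegations": delegations}


if __name__ == "__main__":
    # The two configurations from the thread: the failing one and the working one.
    host = "testing-infra-01-dal1.testing.stg.avtar.test"
    for dom in ("avtar.test", "testing.stg.avtar.test"):
        print(dom, "->", check_master_hostname(host, dom))
```

With domain avtar.test the host sits two zones deep, so stg.avtar.test and testing.stg.avtar.test both need delegations that an empty, freshly created avtar.test zone cannot have; with domain testing.stg.avtar.test the host is directly in the zone and the installer creates the record itself.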