Hi,
Yesterday I upgraded one of the masters (CentOS 8 Stream, from 4.9.2 => 4.9.3) and
in the process it modified ipa-ca to only have its own IP address. Here is
an extract from ipaupgrade.log:
2021-07-08T18:37:29Z DEBUG raw: server_role_find(None,
server_server='rotte.example.com', status='enabled', include_master=True,
version='2.240')
2021-07-08T18:37:29Z DEBUG server_role_find(None,
server_server='rotte.example.com', status='enabled', include_master=True,
all=False, raw=False, version='2.240')
2021-07-08T18:37:29Z DEBUG raw: server_role_find(None,
server_server='iparep4.example.com', status='enabled',
include_master=True, version='2.240')
2021-07-08T18:37:29Z DEBUG server_role_find(None,
server_server='iparep4.example.com', status='enabled',
include_master=True, all=False, raw=False, version='2.240')
2021-07-08T18:37:29Z DEBUG raw: server_role_find(None,
server_server='linge.example.com', status='enabled', include_master=True,
version='2.240')
2021-07-08T18:37:29Z DEBUG server_role_find(None,
server_server='linge.example.com', status='enabled', include_master=True,
all=False, raw=False, version='2.240')
2021-07-08T18:37:29Z DEBUG raw: dnszone_show(<DNS name example.com.>,
version='2.240')
2021-07-08T18:37:29Z DEBUG dnszone_show(<DNS name example.com.>, rights=False,
all=False, raw=False, version='2.240')
2021-07-08T18:37:29Z DEBUG Name
iparep4.example.com. does not have any address: [Errno -2]
Name or service not known
2021-07-08T18:37:32Z DEBUG Name
iparep4.example.com. does not have any address: [Errno -2]
Name or service not known
2021-07-08T18:37:35Z DEBUG Name
iparep4.example.com. does not have any address: [Errno -2]
Name or service not known
2021-07-08T18:37:38Z DEBUG Name
iparep4.example.com. does not have any address: [Errno -2]
Name or service not known
2021-07-08T18:37:41Z DEBUG Name
iparep4.example.com. does not have any address: [Errno -2]
Name or service not known
2021-07-08T18:37:44Z DEBUG Name
iparep4.example.com. does not have any address: [Errno -2]
Name or service not known
2021-07-08T18:37:44Z ERROR unable to resolve host name
iparep4.example.com. to IP address,
ipa-ca DNS record will be incomplete
2021-07-08T18:37:44Z DEBUG Name
linge.example.com. resolved to
{UnsafeIPAddress('172.16.16.10'),
UnsafeIPAddress('fe80::529a:4cff:fe9d:3b10')}
2021-07-08T18:37:44Z DEBUG Name
rotte.example.com. does not have any address: [Errno -2]
Name or service not known
2021-07-08T18:37:47Z DEBUG Name
rotte.example.com. does not have any address: [Errno -2]
Name or service not known
2021-07-08T18:37:50Z DEBUG Name
rotte.example.com. does not have any address: [Errno -2]
Name or service not known
2021-07-08T18:37:53Z DEBUG Name
rotte.example.com. does not have any address: [Errno -2]
Name or service not known
2021-07-08T18:38:01Z ERROR unable to resolve host name
rotte.example.com. to IP address,
ipa-ca DNS record will be incomplete
...
2021-07-08T18:38:02Z DEBUG raw: dnsrecord_mod(<DNS name example.com.>, <DNS name
ipa-ca.example.com.>, arecord=['172.16.16.10'],
aaaarecord=['fe80::529a:4cff:fe9d:3b10'], version='2.240')
2021-07-08T18:38:02Z DEBUG dnsrecord_mod(<DNS name example.com.>, <DNS name
ipa-ca.example.com.>, arecord=('172.16.16.10',),
aaaarecord=('fe80::529a:4cff:fe9d:3b10',), rights=False, structured=False,
all=False, raw=False, version='2.240')
That's a bit puzzling. Why couldn't it find these two hostnames during the
upgrade?
/etc/resolv.conf:
nameserver 127.0.0.1
There does not seem to be anything wrong (before and after the upgrade).
Both host names resolve perfectly well.
The only thing I can think of (wild guess) is that the nameservers are configured
with DNSSEC disabled. Could that be it?
--
Kees
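
Added example, not part of the original message and not FreeIPA code: a small Python check that reads an ipaupgrade.log extract in the mail-wrapped form shown above and reports which CA hosts failed to resolve and which addresses were actually written to ipa-ca. The regular expressions assume only the message wording visible in the extract, and the sample log is constructed from it.

```python
import re

# Constructed sample, shortened from the extract in the message above.
SAMPLE_LOG = """\
2021-07-08T18:37:44Z ERROR unable to resolve host name
iparep4.example.com. to IP address,
ipa-ca DNS record will be incomplete
2021-07-08T18:37:44Z DEBUG Name
linge.example.com. resolved to
{UnsafeIPAddress('172.16.16.10'),
UnsafeIPAddress('fe80::529a:4cff:fe9d:3b10')}
2021-07-08T18:38:01Z ERROR unable to resolve host name
rotte.example.com. to IP address,
ipa-ca DNS record will be incomplete
2021-07-08T18:38:02Z DEBUG raw: dnsrecord_mod(<DNS name example.com.>, <DNS name
ipa-ca.example.com.>, arecord=['172.16.16.10'],
aaaarecord=['fe80::529a:4cff:fe9d:3b10'], version='2.240')
"""

TS = re.compile(r"^\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ ")

def entries(text):
    """Rejoin wrapped lines into one string per timestamped log entry."""
    out = []
    for line in text.splitlines():
        if TS.match(line) or not out:
            out.append(line.strip())
        else:
            out[-1] += " " + line.strip()
    return out

def summarize(text):
    """Return (unresolved hosts, resolved hosts, addresses written to ipa-ca)."""
    unresolved, resolved, written = [], {}, []
    for e in entries(text):
        m = re.search(r"ERROR unable to resolve host name (\S+) to IP address", e)
        if m and m.group(1) not in unresolved:
            unresolved.append(m.group(1))
        m = re.search(r"DEBUG Name (\S+) resolved to \{(.*)\}", e)
        if m:
            resolved[m.group(1)] = re.findall(r"UnsafeIPAddress\('([^']+)'\)", m.group(2))
        if "raw: dnsrecord_mod(" in e and "ipa-ca." in e:
            for key in ("arecord", "aaaarecord"):
                k = re.search(r"\b" + key + r"=\[([^\]]*)\]", e)
                written += re.findall(r"'([^']+)'", k.group(1)) if k else []
    return unresolved, resolved, written

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A non-empty first element after an upgrade means ipa-ca was rewritten without those servers and should be compared against the list of CA servers.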