When I specify --no-reverse option at ipa-replica-prepare and then try to setup a replica from the resulting gpg file, I get this error: ipa : ERROR Unable to resolve the IP address 10.34.54.25 to a host name, check /etc/hosts and DNS name resolution and the installation fails. We either should disable --no-reverse options or make replica installation skip the checking of reverse address resolving.
We should be able to work fine w/o reverse zones or with reverse zones that point to bogus names. I think this is something we SHOULD test because it is a normal network condition in some organizations (because they can't control reverse). If something fails if reverse is wrong/missing we need to fix it, because relying on reverse resolution is broken (vs security) anyway and we should not."
So, changing error into warning upon the failure of reverse address resolve could be a solution.
Fixed. "ERROR Reverse DNS resolution of address <ip address> (<hostname>) failed. Clients may not function properly. Please check your DNS setup. (Note that this check queries IPA DNS directly and ignores /etc/hosts.)" is shown, but it does not cause the installation to fail
Metadata Update from @ofayans: - Issue assigned to someone - Issue set to the milestone: 0.0 NEEDS_TRIAGE
Login to comment on this ticket.