When an IPA server is installed with DNS support and a forwarder is configured, name resolution fails for some external names (not from the IPA domain).
Resolution fails
Resolution works
I have created a small test to demonstrate the issue: PR, test report.
The IPA server is installed with DNS enabled, and when executed in PR-CI it uses dnsmasq provided by libvirt as the forwarder. In the test we try to resolve three names: "fedoraproject.org", "debian.org", "gentoo.org". Resolution via dnsmasq succeeds for all three names. Resolution via the IPA nameserver fails for two names.
The issue also seems to be related to the network environment, as the same test runs successfully on a personal PR-CI instance with an identical version of the PR-CI software: PR, test report
The issue was fixed by changing the firewall configuration for the PR-CI runners: allowing outbound TCP connections for port 53.
Since there is nothing on FreeIPA side to be done here, I am closing the ticket.
Metadata Update from @sorlov: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
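A way to check for the condition fixed in this ticket, as an added example that is not part of the ticket, FreeIPA or PR-CI: it sends the same query to a resolver over UDP and over TCP port 53 and reports each outcome, including the TC (truncated) flag that tells a resolver to retry over TCP. The function names are hypothetical, the resolver is assumed to be given as an IPv4 address, and `FORWARDER` is a placeholder to replace with the forwarder's address.

```python
import socket
import struct

def build_query(name, qid=0x1234):
    """Encode a minimal DNS A query (RD set, one question, class IN)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def parse_header(msg):
    """Return (id, TC flag, rcode, answer count) from a DNS message header."""
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return qid, bool(flags & 0x0200), flags & 0x000F, an

def _recv_exact(sock, n):
    """Read exactly n bytes from a stream socket."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection early")
        buf += chunk
    return buf

def probe(server, name, transport, port=53, timeout=3.0):
    """Send one query over 'udp' or 'tcp' and describe what came back."""
    query = build_query(name)
    try:
        if transport == "udp":
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(query, (server, port))
                reply, _ = s.recvfrom(4096)
        else:
            with socket.create_connection((server, port), timeout=timeout) as s:
                # DNS over TCP prefixes each message with a 2-byte length.
                s.sendall(struct.pack("!H", len(query)) + query)
                (length,) = struct.unpack("!H", _recv_exact(s, 2))
                reply = _recv_exact(s, length)
        _, tc, rcode, answers = parse_header(reply)
    except (OSError, struct.error) as exc:
        return {"transport": transport, "ok": False, "error": type(exc).__name__}
    return {"transport": transport, "ok": True, "tc": tc, "rcode": rcode, "answers": answers}

if __name__ == "__main__":
    FORWARDER = "192.0.2.1"  # placeholder (TEST-NET-1); use the forwarder's address
    for name in ("fedoraproject.org", "debian.org", "gentoo.org"):
        for transport in ("udp", "tcp"):
            print(name, probe(FORWARDER, name, transport))
```

A UDP row with `ok: True` next to a TCP row with `ok: False` for the same server means TCP port 53 is not reachable from that host.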