freeipa

Clone
Source Code
GIT

#8710 Some domain names are not resolvable via IPA DNS
Closed: fixed 3 years ago by sorlov. Opened 3 years ago by sorlov.

Closed: fixed
Reopen Issue

Issue

When IPA server is installed with DNS support and a forwarder is configured, name resolution fails for some external names (not from IPA domain).

Steps to Reproduce

  1. Setup IPA server with DNS, use forwarder
  2. On IPA master try to resolve name "fedoraproject.org"

Actual behavior

Resolution fails

Expected behavior

Resolution works

Additional information

I have created small test to demonstarte the issue: PR, test report.

The IPA server is installed with DNS enabled and when executed in PR-CI it uses dnsmasq provided by libvirt as the forwarder. In the test we try to resolve three names: "fedoraproject.org", "debian.org", "gentoo.org". Resolution via dnsmasq succeeds for all three names. Resolution via IPA nameserver fails for two names.

The issue seems to be also related with network environment as the same test runs successfully on personal PR-CI instance with identical version of PR-CI software:
PR, test report

The issue was fixed by changing configuration of firewall for PR-CI runners - allow outbound TCP connections for port 53.

Since there is nothing on FreeIPA side to be done here, I am closing the ticket.

Metadata Update from @sorlov:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)
3 years ago

Login to comment on this ticket.

Metadata
None

bug

None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.