After setting up FreeIPA server how to configure DNS forward (A records) & reverse (PTR records) automatically if any number of clients are joined to this FreeIPA server?
While setting up the FreeIPA server, I had used “ipa-server-install --setup-dns” to setup DNS. Also when I run “ipa dnszone-show mydomain.com” I see Dynamic update: TRUE.
On the client side I ran this “ipa-client-install --mkhomedir” & it got installed but it does not seem to auto update the DNS forward & reverse zones/records on the server for the client
From server I cannot do nslookup to client IP or its host fqdn both fail. But if from client if I do nslookup to server that works. Any idea why it's happening? Can anyone please suggest & help. Ping also works from both sides
I would encourage you to look at the ipa-client-install logs at: /var/log/ipaclient-install.log as it can give you a hint as to why the entries were not made. On the IPA server itself, the bind logs can give a better indicator (most common is updated failed: rejected by secure update).
A DNS entry is normally added under these conditions:
--enable-dns-updates is set
--ip-address is set
--all-ip-addresses is set
The client hostname DNS lookup fails
In most common situations, the very last scenario above is what happens. I would make sure that the following is true on your client(s) before enrolling:
Host name should be fully qualified - When you run hostname it should have your domain. e.g. host.mydomain.com
Set your hostname with hostnamectl set-hostname if the above is not the case
If this client has a subdomain, you must have that subdomain as a zone in IPA, e.g. host.sub.mydomain.com - Use ipa dnszone-add to add a zone.
If the hostname is indeed correct, then you can try to set /etc/hosts to have an entry for your client before using ipa-client-install
Also consider using --enable-dns-updates and/or using the --ip-address flag.
You can still add the entries manually after the enrollment.
# Ensure A and PTR records are synced
ipa dnsconfig-mod --allow-sync-ptr=true
# Add the record
ipa dnsrecord-add mydomain.com hostname --a-ip-address=x.x.x.x
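The checks in the answer above (hostname fully qualified under the IPA domain, whether the hostname already resolves, and how to build the A and PTR additions for a client) as a small POSIX sh script. This is an added example, not code from the thread; it assumes the `ipa dnsrecord-add` options `--a-rec` and `--ptr-rec` (the raw-record forms of `--a-ip-address`), a /24 reverse zone for the PTR name, and that `hostname` and `getent` are available on the client. The record commands are printed rather than executed so they can be reviewed before being run on the server.

```shell
#!/bin/sh
# Added example (not from the original thread): pre-enrollment checks for an IPA
# client and a generator for the manual A/PTR additions. Assumes a /24 reverse zone.

# Return 0 if $1 is a fully qualified name inside domain $2 (e.g. host.mydomain.com).
is_fqdn_in_domain() {
  name=$1; domain=$2
  case "$name" in
    *.*) ;;              # must contain at least one dot
    *) return 1 ;;
  esac
  case "$name" in
    *."$domain") return 0 ;;
    *) return 1 ;;
  esac
}

# Print "<reverse zone> <ptr label>" for an IPv4 address, assuming a /24 reverse zone:
# 172.16.3.3 -> "3.16.172.in-addr.arpa 3"
ptr_parts() {
  ip=$1
  oldIFS=$IFS; IFS=.
  set -- $ip
  IFS=$oldIFS
  [ $# -eq 4 ] || return 1
  printf '%s.%s.%s.in-addr.arpa %s\n' "$3" "$2" "$1" "$4"
}

# Print the ipa commands that register the forward (A) and reverse (PTR) record for
# one client. Commands are emitted, not run, so they can be checked before use.
record_commands() {
  fqdn=$1; ip=$2; domain=$3
  short=${fqdn%.$domain}                      # host label inside the forward zone
  parts=$(ptr_parts "$ip") || return 1
  set -- $parts                               # $1 = reverse zone, $2 = last octet
  printf 'ipa dnsrecord-add %s %s --a-rec=%s\n' "$domain" "$short" "$ip"
  printf 'ipa dnsrecord-add %s %s --ptr-rec=%s.\n' "$1" "$2" "$fqdn"
}

# Checklist for the local host before running ipa-client-install.
preflight() {
  domain=$1
  fqdn=$(hostname)
  if ! is_fqdn_in_domain "$fqdn" "$domain"; then
    echo "hostname '$fqdn' is not fully qualified under $domain;" \
         "fix with: hostnamectl set-hostname host.$domain" >&2
    return 1
  fi
  if getent hosts "$fqdn" >/dev/null; then
    echo "$fqdn already resolves: ipa-client-install will not add a DNS entry" \
         "unless --enable-dns-updates or --ip-address is given"
  else
    echo "$fqdn does not resolve: ipa-client-install should attempt to add records"
  fi
}

# Usage (uncomment on a real client):
# preflight mydomain.com
# record_commands "$(hostname)" 172.16.3.3 mydomain.com
```

The PTR line assumes the reverse zone for the client's /24 already exists in IPA; with `--allow-sync-ptr=true` set (as in the answer above) adding the A record alone is usually enough, and the explicit PTR command is only needed when sync is off or the zone was created afterwards.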
Command ran to install client :- ipa-client-install --mkhomedir --enable-dns-updates
Client installs successfully but it fails to register the DNS in the IPA server automatically
What works :-
From client to server
nslookup vmrock19.freeipaserver.local.dom
nslookup 172.16.3.2
What does not work :-
From Server to client
nslookup vmrock20.freeipaserver.local.dom
nslookup 172.16.3.3
I am not sure why it's not auto registering the forward & reverse zones of the client, hence it seems the nslookup does not work. If I have multiple clients it will be difficult to manually add DNS for every client
ipa dnsconfig-mod --allow-sync-ptr=true this is already set
You will need to review /var/log/ipaclient-install.log and on the IPA server look at least at /var/log/messages and look for the bind logs. Those will help indicate where the issue is.