FreeIPA : Installer not resolving domain name from hosts file
I have been having an issue while installing FreeIPA. The problem is that every time I run the installer, the FreeIPA application does not read from the hosts file but rather tries to resolve the domain name (my machine's hostname) with a DNS query. I'm working with CentOS Linux release 7.3.1611 (Core).
Following are the entries in my /etc/hosts file:
    [root@ipa ~]# cat /etc/hosts
    127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
    192.168.28.5 ipa.example.com ipa

    [root@ipa ~]# cat /etc/resolv.conf
    # Generated by NetworkManager
    search example.com
If I add a DNS entry in the above, the domain example.com is resolved from that DNS and the following error is observed, as would be expected if an external DNS is queried.

    Please provide a realm name [EXAMPLE.COM]:
    Checking DNS domain example.com., please wait ...
    ipa.ipapython.install.cli.install_tool(Server): ERROR DNS zone example.com. already exists in DNS and is handled by server(s): a.iana-servers.net., b.iana-servers.net.
So I chose not to add a DNS and use an empty resolv.conf file as shown above. I have also tried setting the nameserver to my machine's IP, but with no luck.
To force it to read from my hosts file, I changed the nsswitch config to only read from the hosts file, but that was still in vain. Kindly see below:

    [root@ipa ~]# grep hosts /etc/nsswitch.conf
    hosts: files
Running the installer

    [root@ipa ~]# ipa-server-install --setup-dns -a <passwd> -p <passwd>

now with the current config returns the following:

    Please provide a realm name [EXAMPLE.COM]:
    Checking DNS domain example.com., please wait ...
    Please provide the IP address to be used for this host name:
So again, the hosts file was ignored and the installer asks for an IP against the domain.
Following are some tests which show IP resolution is successful:

    [root@ipa ~]# ping ipa.example.com
    PING ipa.example.com (192.168.28.5) 56(84) bytes of data.
    64 bytes from ipa.example.com (192.168.28.5): icmp_seq=1 ttl=64 time=0.126 ms
    ^C
    --- ipa.example.com ping statistics ---
    1 packets transmitted, 1 received, 0% packet loss, time 0ms
    rtt min/avg/max/mdev = 0.126/0.126/0.126/0.000 ms
    [root@ipa ~]# getent hosts ipa.example.com
    192.168.28.5 ipa.example.com ipa
    [root@ipa ~]# telnet ipa.example.com
    Trying 192.168.28.5...
Apologies for the long post, I'm quite stuck with this and I'm having trouble figuring out what I'm missing. Any assistance on this issue would be greatly appreciated. Thank you.
PS: The setup is not for a live environment, it's for testing purposes.
Actually, it’s a legitimate use case to set up IPA servers to eventually replace existing, running DNS servers for a domain. The “go purchase a new domain” answers fail to address the underlying technical issue.
This case can be handled by specifying the ipa-server-install --allow-zone-overlap option, documented here.
You cannot use a domain name that someone else controls. If you attempt to do so, you get the errors shown here.
Instead, use a subdomain of your own domain name. If you do not have a domain name, one can be obtained very cheaply from numerous domain registrars.
Had the same problem with the standard domain everybody uses in a test environment.
You don't have to purchase anything for a test lab, just change the domain to something unique.
Of course, put it in /etc/resolv.conf (you can put 188.8.131.52 as nameserver).
Hope it helps.
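
The two checks this thread keeps mixing up, as an added example that is not part of the original posts or of FreeIPA: /etc/hosts can only map a name to an address, while the "already exists in DNS" error comes from asking a DNS server which name servers handle the zone, so the script tests them separately. The function names, the temporary files and the 192.0.2.53 resolver address are constructed for illustration, and the NS answer is passed in as text (what `dig +short NS example.com` would print) so the script runs offline.

```shell
#!/bin/sh
# Added example, not FreeIPA code; function names are hypothetical.

# hosts_ip FILE NAME: address that a hosts-format file gives for NAME.
hosts_ip() {
    awk -v h="$2" '{ sub(/#.*/, "")                  # drop comments
        for (i = 2; i <= NF; i++) if ($i == h) { print $1; exit } }' "$1"
}

# resolv_nameservers FILE: nameserver addresses in a resolv.conf-format file.
resolv_nameservers() { awk '$1 == "nameserver" { print $2 }' "$1"; }

# preflight HOSTS RESOLV FQDN NS_ANSWER
# NS_ANSWER is the text `dig +short NS <zone>` printed, passed in so this runs offline.
preflight() {
    zone=${3#*.}                                     # ipa.example.com -> example.com
    [ -n "$(hosts_ip "$1" "$3")" ] || { echo "hosts-missing"; return 1; }
    if [ -z "$(resolv_nameservers "$2")" ]; then
        echo "no-resolver: resolv.conf names no DNS server to ask about $zone"
        return 0
    fi
    if [ -n "$4" ]; then                             # someone already serves the zone
        echo "zone-overlap: $zone is already served by $(echo $4)"
        return 2
    fi
    echo "ok: no NS records found for $zone"
}

# demo: the question's two configurations, rebuilt as constructed files.
demo() {
    d=$(mktemp -d); rc=0
    printf '%s\n' '127.0.0.1 localhost localhost.localdomain' \
        '192.168.28.5 ipa.example.com ipa' > "$d/hosts"
    printf '%s\n' '# Generated by NetworkManager' 'search example.com' > "$d/resolv.empty"
    # 192.0.2.53 is a constructed address standing in for the "DNS entry" the question adds.
    printf '%s\n' 'search example.com' 'nameserver 192.0.2.53' > "$d/resolv.dns"
    preflight "$d/hosts" "$d/resolv.empty" ipa.example.com "" || rc=$?
    preflight "$d/hosts" "$d/resolv.dns" ipa.example.com \
        "a.iana-servers.net. b.iana-servers.net." || rc=$?
    rm -rf "$d"
    return "$rc"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

A `zone-overlap` result is the situation the --allow-zone-overlap option mentioned above is for; the hosts entry passes in both runs, which is why changing nsswitch.conf made no difference to that error.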