View Issue Details

ID: 0015224
Project: CentOS-7
Category: ipa-server
View Status: public
Last Update: 2018-08-29 08:12
Status: new
Resolution: open
Product Version: 7.5.1804
Target Version:
Fixed in Version:
Summary: 0015224: ipa-replica-install --setup-dns fails to replicate dns zones
Description:
When SELinux is in enforcing mode, the replica fails to replicate DNS, causing DNS not to be resolved.

After installation, /var/named/dyndb-ldap/ipa remains empty.
When manually setting the SELinux boolean 'named_write_master_zones' to true, all goes as planned.

This did not occur when creating the server itself, but every replica install with --setup-dns fails in the DNS part.

Resolving by enabling the SELinux boolean and restarting named-pkcs11, it replicates the zones and all is fine.
Steps To Reproduce:
Install server (ipa-server-install)
Install second machine
Verify SELinux boolean is disabled (getsebool named_write_master_zones)
Run ipa-replica-install as per documentation
Error message at the end will occur
Verify /var/named/dyndb-ldap/ipa/ is empty
Set SELinux boolean to 1 'setsebool -P named_write_master_zones 1'
Restart named-pkcs11
Observe a 'master' directory is created with subdirectories (one per DNS zone)
Tags: No tags attached.


There are no notes attached to this issue.
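
A read-only check for the state described in this report, added here as an example and not part of the original issue or of FreeIPA. The boolean name and directory come from the report; the function names, the `ZONE_DIR` override and the `--live` switch are hypothetical, and the `getsebool` output format (`name --> on|off`) is assumed.

```shell
#!/bin/sh
# Added example: classify a replica against the symptoms in this report.
# Nothing here changes system state; it only reads the boolean and the directory.

ZONE_DIR="${ZONE_DIR:-/var/named/dyndb-ldap/ipa}"   # path from the report
BOOL="named_write_master_zones"                     # boolean from the report

# Parse one line of getsebool output and print on, off or unknown.
bool_state() {
    case "$1" in
        "$BOOL --> on")  echo on ;;
        "$BOOL --> off") echo off ;;
        *)               echo unknown ;;
    esac
}

# Print empty, populated or missing for the dyndb-ldap working directory.
zone_dir_state() {
    [ -d "$1" ] || { echo missing; return; }
    if [ -n "$(ls -A "$1" 2>/dev/null)" ]; then echo populated; else echo empty; fi
}

# Combine both observations into a verdict.
# $1 = getsebool output line, $2 = zone directory
classify() {
    b=$(bool_state "$1"); d=$(zone_dir_state "$2")
    case "$b/$d" in
        off/empty|off/missing) echo "affected: boolean off, no zone data written" ;;
        on/populated)          echo "ok: boolean on, zone data present" ;;
        on/*)                  echo "pending: boolean on, restart named-pkcs11" ;;
        *)                     echo "inconclusive: bool=$b dir=$d" ;;
    esac
}

# Query the live system only when invoked with --live.
if [ "${1:-}" = "--live" ]; then
    classify "$(getsebool "$BOOL" 2>/dev/null)" "$ZONE_DIR"
fi
```

The "pending" verdict corresponds to the point in the report where the boolean has been set but named-pkcs11 has not yet been restarted.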

Issue History

Date Modified | Username | Field | Change
2018-08-29 08:12 | rhoekstra | New Issue |