[Freeipa-users] certmonger selinux issue and freeipa dns database error problem
Rob Crittenden
rcritten at redhat.com
Fri Jan 14 14:19:21 UTC 2011
Uzor Ide wrote:
>
> We have a network that relies on kerberos, 389-ds, bind and nfs4. I am
> currently testing out the freeipa version 2 to see if we can use it to
> consolidate the various configurations into one interface. For the most
> part it works great apart from the obvious area where it has not been
> completed. However, there are some things that I have noticed.
>
> 1.) The DNS logging always logs a database error every time it accesses the
> LDAP, even though the query returns okay and the DNS reply is fine.
>
> Here is an excerpt of the log named.run:
>
> 24-Oct-2010 10:32:33.025 edns-disabled: info: success resolving
> 'www.mailscanner.tv/A' (in 'mailscanner.tv'?) after reducing the
> advertised EDNS UDP packet size to 512 octets
> 24-Oct-2010 10:34:41.137 database: error: querying 'idnsName=wpad,
> idnsname=uzdomain.ca,cn=dns,dc=uzdomain,dc=ca' with
> '(objectClass=idnsRecord)'
> 24-Oct-2010 10:34:41.140 database: error: querying
> 'idnsname=uzdomain.ca,cn=dns,dc=uzdomain,dc=ca' with
> '(objectClass=idnsRecord)'
> 24-Oct-2010 10:34:41.143 database: error: entry count: 1
> 24-Oct-2010 10:34:41.146 database: error: querying 'idnsName=wpad,
> idnsname=uzdomain.ca,cn=dns,dc=uzdomain,dc=ca' with
> '(objectClass=idnsRecord)'
> 24-Oct-2010 10:39:43.581 database: error: querying 'idnsName=wpad,
> idnsname=uzdomain.ca,cn=dns,dc=uzdomain,dc=ca' with
> '(objectClass=idnsRecord)'
> 24-Oct-2010 10:39:43.583 database: error: querying
> 'idnsname=uzdomain.ca,cn=dns,dc=uzdomain,dc=ca' with
> '(objectClass=idnsRecord)'
> 24-Oct-2010 10:39:43.586 database: error: entry count: 1
> 24-Oct-2010 10:39:43.589 database: error: querying 'idnsName=wpad,
> idnsname=uzdomain.ca,cn=dns,dc=uzdomain,dc=ca' with
> '(objectClass=idnsRecord)'
>
> Here is our logging configuration:
>
> // *******************
> // Logging definitions
> // *******************
>
> // Logging
> logging {
> channel "named_log" {
> file "data/log/named.run" versions 5 size 4m;
> severity dynamic;
> print-category yes;
> print-severity yes;
> print-time yes;
> };
>
> channel "security_log" {
> file "data/log/security.log" versions 5 size 10m;
> severity dynamic;
> print-category yes;
> print-severity yes;
> print-time yes;
> };
>
> channel "query_log" {
> file "data/log/query.log" versions 5 size 50m;
> #severity dynamic;
> severity debug;
> print-category yes;
> print-severity yes;
> print-time yes;
> };
>
> channel "transfer_log" {
> file "data/log/transfer.log" versions 5 size 10m;
> severity dynamic;
> print-category yes;
> print-severity yes;
> };
>
> category "default" {
> "named_log";
> "default_syslog";
> "default_debug";
> };
>
> category "general" {
> "named_log";
> };
>
> category "queries" {
> "query_log";
> };
>
> category "lame-servers" {
> null;
> };
>
> category "security" {
> "security_log";
> };
>
> category "config" {
> "named_log";
> };
>
> category "resolver" {
> "query_log";
> };
>
> category "xfer-in" {
> "transfer_log";
> };
>
> category "xfer-out" {
> "transfer_log";
> };
>
> category "notify" {
> "transfer_log";
> };
>
> category "client" {
> "query_log";
> };
>
> category "network" {
> "named_log";
> };
>
> category "update" {
> "transfer_log";
> };
>
> category "dnssec" {
> "security_log";
> };
>
> category "dispatch" {
> "security_log";
> };
> };
>
> This error message keeps triggering our monitoring systems.
This has been fixed in bug
https://bugzilla.redhat.com/show_bug.cgi?id=656454. It should show up as
bind-dyndb-ldap-0.2.0-1.fc14 in the Fedora updates-testing repo in the
next day or so.
rob