A.6. Troubleshooting DNS

  1. Many DNS problems are caused by misconfiguration. Therefore, make sure you meet the conditions in Section 2.1.3, “Host Name and DNS Configuration”.
  2. Use the dig utility to check the response from the DNS server: 
    # dig _ldap._tcp.ipa.example.com. SRV

; <<>> DiG 9.9.4-RedHat-9.9.4-48.el7 <<>> _ldap._tcp.ipa.example.com. SRV
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17851
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 5

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;_ldap._tcp.ipa.example.com. IN SRV

;; ANSWER SECTION:
_ldap._tcp.ipa.example.com. 86400 IN SRV        0 100 389 ipaserver.ipa.example.com.

;; AUTHORITY SECTION:
ipa.example.com.        86400 IN NS       ipaserver.ipa.example.com.

;; ADDITIONAL SECTION:
ipaserver.ipa.example.com. 86400 IN A 192.0.21
ipaserver.ipa.example.com 86400 IN AAAA 2001:db8::1
  3. Use the host utility to perform a DNS name lookup: 
    $ host server.ipa.example.com
server.ipa.example.com. 86400 IN A 192.0.21
server.ipa.example.com 86400 IN AAAA 2001:db8::1
  4. Review the DNS records in LDAP using the ipa dnszone-show command: 
    $ ipa dnszone-show zone_name
$ ipa dnsrecord-show zone_name record_name_in_the_zone
    For details on using the IdM tools to manage DNS, see Chapter 33, Managing DNS.
  5. Restart BIND to force resynchronization with LDAP: 
    $ systemctl restart named-pkcs11
  6. Get a list of the required DNS records: 
    $ ipa dns-update-system-records --dry-run
    Use the dig utility to check if the displayed records are present in DNS. If you use the Identity Management DNS, use the ipa dns-update-system-records command to update any missing records.