Menu Close
Chapter 5. Checking DNS records using IdM Healthcheck
This section describes a Healthcheck tool in Identity Management (IdM) to identify issues with DNS records.
5.1. DNS records healthcheck test
The Healthcheck tool includes a test for checking that the expected DNS records required for autodiscovery are resolvable.
To list all tests, run the ipa-healthcheck
with the --list-sources
option:
# ipa-healthcheck --list-sources
The DNS records check test is placed under the ipahealthcheck.ipa.idns
source.
- IPADNSSystemRecordsCheck
-
This test checks the DNS records from the
ipa dns-update-system-records --dry-run
command using the first resolver specified in the/etc/resolv.conf
file. The records are tested on the IPA server.
5.2. Screening DNS records using the healthcheck tool
This section describes a standalone manual test of DNS records on an Identity Management (IdM) server using the Healthcheck tool.
The Healthcheck tool includes many tests. Results can be narrowed down by including only the DNS records tests by adding the --source ipahealthcheck.ipa.idns
option.
Prerequisites
- Healthcheck tests must be performed as the root user.
Procedure
To run the DNS records check, enter:
# ipa-healthcheck --source ipahealthcheck.ipa.idns
If the record is resolvable, the test returns
SUCCESS
as a result:{ "source": "ipahealthcheck.ipa.idns", "check": "IPADNSSystemRecordsCheck", "result": "SUCCESS", "uuid": "eb7a3b68-f6b2-4631-af01-798cac0eb018", "when": "20200415143339Z", "duration": "0.210471", "kw": { "key": "_ldap._tcp.idm.example.com.:server1.idm.example.com." } }
The test returns a
WARNING
when, for example, the number of records does not match the expected number:{ "source": "ipahealthcheck.ipa.idns", "check": "IPADNSSystemRecordsCheck", "result": "WARNING", "uuid": "972b7782-1616-48e0-bd5c-49a80c257895", "when": "20200409100614Z", "duration": "0.203049", "kw": { "msg": "Got {count} ipa-ca A records, expected {expected}", "count": 2, "expected": 1 } }
Additional resources
-
See
man ipa-healthcheck
.