IdM DNS fails to add new zone: NS '<hostname>' has no address records (A or AAAA)


Issue

IdM DNS fails to add new zone: NS 'server.idm.example.com' has no address records (A or AAAA)

  • A new DNS zone is added:

    # ipa dnszone-add example.com
      Zone name: example.com.
      Active zone: TRUE
      Authoritative nameserver: server.idm.example.com.
      Administrator e-mail address: hostmaster
      SOA serial: 1651623189
      SOA refresh: 3600
      SOA retry: 900
      SOA expire: 1209600
      SOA minimum: 3600
      BIND update policy: grant IDM.EXAMPLE.COM krb5-self * A; grant IDM.EXAMPLE.COM
                          krb5-self * AAAA; grant IDM.EXAMPLE.COM krb5-self * SSHFP;
      Dynamic update: FALSE
      Allow query: any;
      Allow transfer: none;
    
  • After adding the new DNS zone, the following error messages suggest that server.idm.example.com cannot be resolved:

    # cat /var/named/data/named.run
    
    04-May-2022 10:13:08.649 zone example.com/IN: NS 'server.idm.example.com' has no address records (A or AAAA)
    04-May-2022 10:13:08.649 zone example.com/IN: not loaded due to errors.
    04-May-2022 10:13:08.649 zone example.com/IN: unable to reload invalid zone; reload triggered by change in resource record DN 'idnsname=_kerberos,idnsname=example.com.,cn=dns,dc=idm,dc=example,dc=com': bad zone
    04-May-2022 10:13:08.649 zone example.com/IN: NS 'server.idm.example.com' has no address records (A or AAAA)
    04-May-2022 10:13:08.650 zone example.com/IN: not loaded due to errors.
    04-May-2022 10:13:08.650 update_zone (syncrepl) failed for master zone DN 'idnsname=example.com.,cn=dns,dc=idm,dc=example,dc=com'. Zones can be outdated, run `rndc reload`: bad zone
    
  • However, the hostname is resolvable:

    # hostname
    server.idm.example.com
    
    # cat /etc/hosts
    192.168.1.10    server.idm.example.com server
    
    # dig server.idm.example.com +short
    192.168.1.10
    

Newly added A record does not resolve:

  • Attempting to add a new DNS record in the new zone:

    # ipa dnsrecord-add example.com dbserver --a-ip-address=192.168.12.34
      Record name: dbserver
      A record: 192.168.12.34
    
  • However, the DNS server fails to resolve the new record:

    # dig dbserver.example.com
    
    ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.9 <<>> dbserver.example.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 53760     <<<<<===== Status is SERVFAIL
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;dbserver.example.com.      IN  A
    
    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Wed May 04 10:19:22 AEST 2022
    ;; MSG SIZE  rcvd: 49
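Added example (not part of this article): a small Python triage helper that scans named.run for the check-integrity error shown above and reports whether the failing NS name lies inside the zone being loaded. For an in-zone NS name, BIND requires the zone's own data to carry its A/AAAA records (or glue beneath a delegation), which is the situation here because server.idm.example.com sits under example.com. The sample log is the excerpt above; the log line format is assumed to match it.

```python
import re
from dataclasses import dataclass
from typing import List

# Matches the BIND check-integrity error seen in named.run above.
NS_NO_ADDR_RE = re.compile(
    r"zone (?P<zone>\S+)/IN: NS '(?P<ns>[^']+)' has no address records \(A or AAAA\)"
)


@dataclass(frozen=True)
class NsAddressError:
    zone: str
    ns: str
    in_zone: bool  # True when the NS name is at or below the zone apex


def name_in_zone(name: str, zone: str) -> bool:
    """Case- and trailing-dot-insensitive test that `name` is at or below `zone`."""
    n = name.rstrip(".").lower()
    z = zone.rstrip(".").lower()
    return n == z or n.endswith("." + z)


def find_ns_address_errors(log_text: str) -> List[NsAddressError]:
    """Return one entry per distinct (zone, NS) error found in named.run text."""
    seen, results = set(), []
    for line in log_text.splitlines():
        m = NS_NO_ADDR_RE.search(line)
        if not m or (m["zone"], m["ns"]) in seen:
            continue
        seen.add((m["zone"], m["ns"]))
        results.append(NsAddressError(m["zone"], m["ns"], name_in_zone(m["ns"], m["zone"])))
    return results


def explain(err: NsAddressError) -> str:
    """Human-readable triage hint for an error entry."""
    if err.in_zone:
        return (f"zone {err.zone}: NS {err.ns} is inside the zone, so the zone data must "
                f"contain A/AAAA records for it (or glue under a delegation); BIND will not load it otherwise")
    return f"zone {err.zone}: NS {err.ns} is outside the zone; verify it resolves via its own zone"


# Constructed sample: the named.run excerpt from this article.
SAMPLE_LOG = """\
04-May-2022 10:13:08.649 zone example.com/IN: NS 'server.idm.example.com' has no address records (A or AAAA)
04-May-2022 10:13:08.649 zone example.com/IN: not loaded due to errors.
04-May-2022 10:13:08.649 zone example.com/IN: NS 'server.idm.example.com' has no address records (A or AAAA)
04-May-2022 10:13:08.650 zone example.com/IN: not loaded due to errors.
"""

if __name__ == "__main__":
    for err in find_ns_address_errors(SAMPLE_LOG):
        print(explain(err))
```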
    

Environment

  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux 8
  • Red Hat Enterprise Linux 9
  • Red Hat Identity Management (IdM) / FreeIPA
    • ipa-server
    • ipa-server-dns
    • bind-pkcs11 / named-pkcs11.service
