[Bug 1772405] Re: freeipa dns install does not correctly configure reverse zones due to systemd-resolved

Timo Aaltonen tjaalton at ubuntu.com
Mon May 21 14:12:34 UTC 2018 

Fedora doesn't enable systemd-resolved, which is probably why this
hasn't been hit before. It was proposed but apparently shot down.


** Also affects: systemd (Ubuntu)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1772405

Title:
  freeipa dns install does not correctly configure reverse zones due to
  systemd-resolved

Status in freeipa package in Ubuntu:
  New
Status in systemd package in Ubuntu:
  New

Bug description:
  In Ubuntu 18.04, ipa-dns-intall (or ipa-server-install when asking to
  configure BIND) does not create reverse DNS zones for my domain. Note
  that I already fixed (or more correctly, circumvented) other bugs
  involving BIND, such as
  https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1769440.

  The problem seems due to the presence of systemd-resolved. When ipa-
  dns-install valuates whether to create a reverse DNS zone, it tries to
  use the local DNS for resolving the IP address of the server. When you
  want to install BIND alongside IPA, this normally fails, and the
  installer knows he needs to configure an appropriate reverse zone. But
  when systemd-resolved is active, it takes the role of local DNS and
  answers this query: therefore, the installer thinks a reverse DNS zone
  is already present.

  To fix this problem I had to perform the following steps before calling ipa-dns-install (or ipa-server-install):
  1) stop systemd-resolved with "systemctl stop systemd-resolved".
  2) disable systemd-resolved with "systemctl disable systemd-resolved".
  3) delete the file "/etc/resolv.conf", which is a symlink to a file created by systemd.
  4) optionally, recreate "/etc/resolv.conf" pointing to the (real) local DNS.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1772405/+subscriptions

More information about the foundations-bugs mailing list