3

I have been having an issue while installing FreeIPA. The problem is that every time I run the installer, the FreeIPA application does not read from the hosts file but rather tries to resolve the domain name (my machine's hostname) with a DNS query. I'm working with CentOS Linux release 7.3.1611 (Core).

Following are the entries in my /etc/hosts file :

[root@ipa ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.28.5 ipa.example.com ipa

Entries in /etc/resolv.conf:

[root@ipa ~]# cat /etc/resolv.conf 
# Generated by NetworkManager
search example.com

If I add a DNS entry to the above, the domain example.com is resolved from that DNS and the following error is observed, as would be expected if an external DNS is queried.

Please provide a realm name [EXAMPLE.COM]: 
Checking DNS domain example.com., please wait ...
ipa.ipapython.install.cli.install_tool(Server): ERROR    DNS zone example.com. already exists in DNS and is handled by server(s): a.iana-servers.net., b.iana-servers.net.

So I chose not to add a DNS server and to use an empty resolv.conf file as shown above. I have also tried setting the nameserver to my machine's IP, but with no luck.

To force it to read from my hosts file I changed the nsswitch config to only read from the hosts file, but that was still in vain. Kindly see my /etc/nsswitch.conf configuration below.

[root@ipa ~]# grep hosts /etc/nsswitch.conf
hosts:      files

Running the installer:

[root@ipa ~]# ipa-server-install --setup-dns -a <passwd> -p <passwd>

now, with the current config, returns the following:

Please provide a realm name [EXAMPLE.COM]: 
Checking DNS domain example.com., please wait ...
Please provide the IP address to be used for this host name:

So again, the hosts file was ignored and the installer asks for an IP for the domain.

Following are some tests which show that hostname-to-IP resolution is successful:

[root@ipa ~]# ping ipa.example.com
PING ipa.example.com (192.168.28.5) 56(84) bytes of data.
64 bytes from ipa.example.com (192.168.28.5): icmp_seq=1 ttl=64 time=0.126 ms
^C
--- ipa.example.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.126/0.126/0.126/0.000 ms

[root@ipa ~]# getent hosts ipa.example.com
192.168.28.5    ipa.example.com ipa

[root@ipa ~]# telnet ipa.example.com
Trying 192.168.28.5...

Apologies for the long post; I'm quite stuck with this and I'm having trouble figuring out what I'm missing. Any assistance on this issue would be greatly appreciated. Thank you.

PS: The setup is not for a live environment; it's for testing purposes.

Mustafa Mujahid

3 Answers

9

Actually, it's a legitimate use case to set up IPA servers to eventually replace existing, running DNS servers for a domain. The "go purchase a new domain" answers fail to address the underlying technical issue.

This case can be handled by specifying the ipa-server-install --allow-zone-overlap option, documented here.

smolin
zultron
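The behaviour in the question comes down to two different lookup paths: `getent hosts` and `ping` go through nsswitch (`hosts: files`), which can only map a host name to an address, while the installer's "Checking DNS domain example.com." step asks real DNS whether the zone itself already exists, and /etc/hosts has no way to answer that. The script below is an added example (not FreeIPA code, and not a description of ipa-server-install's internals) that models the zone check as an NS query for the domain, built and parsed with the standard library, beside a hosts-file lookup for the host name. The sample /etc/hosts content and the DNS reply are constructed inline from the values on this page, so it runs offline; `query_ns_live` is the same parser pointed at a real nameserver and is assumed to be run against the server listed in resolv.conf.

```python
"""Hosts-file lookup vs. DNS zone-existence check (added example, not FreeIPA code)."""
import socket
import struct
from typing import List, Optional

# Constructed from the question's /etc/hosts.
SAMPLE_HOSTS = """127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.28.5 ipa.example.com ipa
"""


def hosts_lookup(hosts_text: str, name: str) -> Optional[str]:
    """What nsswitch 'hosts: files' can answer: an address for a host NAME only."""
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and name in fields[1:]:
            return fields[0]
    return None


def encode_name(name: str) -> bytes:
    """Dotted name -> DNS label wire format (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_ns_query(zone: str, txid: int = 0x1234) -> bytes:
    """Header (RD set, one question) followed by an NS/IN question for ZONE."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(zone) + struct.pack("!HH", 2, 1)


def decode_name(msg: bytes, offset: int):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, jumped, end = [], False, offset
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (end if jumped else offset)


def parse_ns_answers(resp: bytes) -> List[str]:
    """NS target names in the answer section; empty on NXDOMAIN or no answers."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", resp[:12])
    if flags & 0x000F != 0:  # RCODE other than NOERROR: the zone is not served
        return []
    off = 12
    for _ in range(qd):  # skip the echoed question(s)
        _, off = decode_name(resp, off)
        off += 4
    servers = []
    for _ in range(an):
        _, off = decode_name(resp, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        off += 10
        if rtype == 2:  # NS
            servers.append(decode_name(resp, off)[0])
        off += rdlen
    return sorted(servers)


def build_sample_response(query: bytes, ns_names: List[str]) -> bytes:
    """Constructed reply for QUERY: flags NOERROR/QR/RD/RA, one NS RR per name."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(ns_names), 0, 0)
    answers = b""
    for n in ns_names:
        rdata = encode_name(n)
        answers += b"\xc0\x0c" + struct.pack("!HHIH", 2, 1, 3600, len(rdata)) + rdata
    return header + query[12:] + answers


def query_ns_live(zone: str, server: str, timeout: float = 2.0) -> List[str]:
    """Send the NS query over UDP to SERVER (e.g. the nameserver from resolv.conf)."""
    q = build_ns_query(zone)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        resp, _ = s.recvfrom(4096)
    if resp[:2] != q[:2]:
        raise ValueError("transaction id mismatch; ignoring reply")
    return parse_ns_answers(resp)


def zone_check_verdict(zone: str, ns_servers: List[str]) -> str:
    if ns_servers:
        return (f"DNS zone {zone} already exists in DNS and is handled by server(s): "
                f"{', '.join(ns_servers)}. Use --allow-zone-overlap or a domain "
                "nobody else serves.")
    return f"DNS zone {zone} not found in DNS; the installer can create it."


if __name__ == "__main__":
    print("hosts file answers:", hosts_lookup(SAMPLE_HOSTS, "ipa.example.com"))
    q = build_ns_query("example.com")
    resp = build_sample_response(q, ["a.iana-servers.net.", "b.iana-servers.net."])
    print(zone_check_verdict("example.com.", parse_ns_answers(resp)))
```

Run it as-is for the offline demonstration; swap `parse_ns_answers(resp)` for `query_ns_live("example.com", "<nameserver ip>")` to see what the nameserver in resolv.conf actually returns for your chosen domain before running the installer.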
2

You cannot use a domain name that someone else controls. If you attempt to do so, you get the errors shown here.

Instead, use a subdomain of your own domain name. If you do not have a domain name, one can be obtained very cheaply from numerous domain registrars.

Michael Hampton
  • Thank you for your response. This is for a test environment using 3 VMs. Multiple video/web tutorials where a similar domain name was being used seemed to have worked for them; other than this, even if example.com is an already registered domain, my scenario does not want queries from the Internet. I want to read the IP from the hosts file, hence making the entry in `/etc/hosts`. According to the tutorials I have seen, the prompt stating `checking DNS domain` does not show up and the IP forwarder is asked for straight away. – Mustafa Mujahid Feb 09 '17 at 19:20
  • What would your recommendation be for a domain name if I am deploying IPA for testing and don't plan on purchasing a domain and having it DNS hosted? – Mustafa Mujahid Feb 09 '17 at 19:21
  • 1
    Again, my recommendation is that you purchase a domain name. You cannot use someone else's domain name without their explicit consent. – Michael Hampton Feb 09 '17 at 19:25
  • Yes, thank you. I changed it and now it works. Just needed a random `hostname` which was not registered. It's strange because web/video tutorials all use the same domain I was using before and it worked for them. Anyway, thanks for the help. Much appreciated. Cheers – Mustafa Mujahid Feb 11 '17 at 15:14
0

Had the same problem with the standard domain everybody uses in test environments, "ipa.example.com". You don't have to purchase anything for a test lab; just change the domain to something unique. Of course, put it in /etc/hosts and /etc/resolv.conf (you can put 8.8.8.8 as nameserver). Hope it helps. Regards

zemandic