Red Hat Identity Management Server - Missing DNS Record

Recently my server lab lost power. Stuff did not come back cleanly, and I needed to get my house back in order.

My Red Hat Identity Management Server, aka freeipa, running on a RHEL7 machine, restarted along with all the other physicals and vms. When the IdM server came back up, I noticed after some time that it had missing DNS records for some of my machines. Some dependent machines and services that required connectivity to those machines were failing, because the DNS was not resolving correctly. At first I thought it strange, and a small quirk since this doesn’t happen often. But after three or more times of power loss and fixing the problem manually by recreating the DNS, records I decided it was time to investigate.

Taking a peak at /var/log/messages or journalctl -xe revealed something deleting the records:

Sure looks like the client host itself was the culprit. As it turns out, I registered my machines with --enable-dns-updates. I did this originally without worrying about the details, and thinking this would be nice to have if I used DHCP. Later on I decided to use static IPs for other reasons, so it really isn’t important at the moment. I could turn the feature off, but that still didn’t explain why the record was being removed, because the correct IP was still associated to the machine’s interface. However, looking at it a bit, I recognized that I had added a bridge, such that the IP address was listed on the bridge rather than the physical interface. Bingo! I had to switch from em1 to ovirtmgmt.

On the client:

Then a quick restart of sssd on the client kicks the change in immediately.

Now checking the logs on the IPA server showed the following:

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/managing-dynamic-dns-updates#dns-dynamic-updates-client