Search
SupportConsoleDevelopersStart a trialContact

Chapter 109. Checking DNS records using IdM Healthcheck

download PDF

You can identify issues with DNS records in Identity Management (IdM) using the Healthcheck tool.

Prerequisites

  • The DNS records Healthcheck tool is only available on RHEL 8.2 or newer.

109.1. DNS records healthcheck test

The Healthcheck tool includes a test for checking that the expected DNS records required for autodiscovery are resolvable.

To list all tests, run the ipa-healthcheck with the --list-sources option: 

# ipa-healthcheck --list-sources

You can find the DNS records check test under the ipahealthcheck.ipa.idns source.

IPADNSSystemRecordsCheck
This test checks the DNS records from the ipa dns-update-system-records --dry-run command using the first resolver specified in the /etc/resolv.conf file. The records are tested on the IPA server.

109.2. Screening DNS records using the healthcheck tool

Follow this procedure to run a standalone manual test of DNS records on an Identity Management (IdM) server using the Healthcheck tool.

The Healthcheck tool includes many tests. Results can be narrowed down by including only the DNS records tests by adding the --source ipahealthcheck.ipa.idns option.

Prerequisites

  • You must perform Healthcheck tests as the root user.

Procedure

  • To run the DNS records check, enter: 

    # ipa-healthcheck --source ipahealthcheck.ipa.idns

    If the record is resolvable, the test returns SUCCESS as a result: 

    {
    "source": "ipahealthcheck.ipa.idns",
    "check": "IPADNSSystemRecordsCheck",
    "result": "SUCCESS",
    "uuid": "eb7a3b68-f6b2-4631-af01-798cac0eb018",
    "when": "20200415143339Z",
    "duration": "0.210471",
    "kw": {
      "key": "_ldap._tcp.idm.example.com.:server1.idm.example.com."
    }
}

    The test returns a WARNING when, for example, the number of records does not match the expected number: 

    {
    "source": "ipahealthcheck.ipa.idns",
    "check": "IPADNSSystemRecordsCheck",
    "result": "WARNING",
    "uuid": "972b7782-1616-48e0-bd5c-49a80c257895",
    "when": "20200409100614Z",
    "duration": "0.203049",
    "kw": {
      "msg": "Got {count} ipa-ca A records, expected {expected}",
      "count": 2,
      "expected": 1
    }
}

Additional resources

  • See man ipa-healthcheck.
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.