IPA Server | Cannot create reverse record for 192.168.9.150. DNS reverse zone 192.in-addr.arpa. for IP address 192.168.9.150 is not managed by this server

I had an irritating issue with my IPA Server, and it had puzzled me for a while. It didn’t prevent things from working, but it made things more difficult: when I created a new A record, I wanted it to create the reverse PTR record as well. The only problem was that it wouldn’t work, and I would receive this error: Cannot create reverse record for 192.168.9.150. DNS reverse zone 192.in-addr.arpa. for IP address 192.168.9.150 is not managed by this server.

I could go to the reverse zone and add it just fine, and DNS resolution appeared to work without issue, however, it irritated me and I wanted to figure out what was going on. I first tried doing a Google search on the issue, however all I was really finding was some old archive issues on Red Hat’s Site regarding the issue, and it didn’t address my issue from what I could tell. It did give me some ideas though, so I began troubleshooting my DNS woes with dig and ip addr. I also looked into the /etc/resolv.conf file on the IPA server. Here is what I found.

Initial Dig

So, the dig command showed only a query and an additional, no answers. Upon learning this, I went to look at /etc/resolv.conf on the server itself.

/etc/resolv.conf

Well, that doesn’t look right, does it? Probably me setting up the server reflexively, as the name servers are pointing to Google. But why? That shouldn’t be there. The DNS forwarders are in the IPA server itself, and actually point to the OpenDNS servers. So having these here is an issue, and is what is messing things up. So out they go. I removed the Google servers and added just the server’s own IP, 192.168.1.53. Then, to make sure everything is seeing the new changes, a quick systemctl restart.

Once the server rebooted, I did the dig command again.

Ah, that is much better. This time I see 1 Query, 1 Answer, 1 Authority, and 2 Additional. So, now that it looks more promising, I went back to the IPA GUI and added a test A record, and told it to create the reverse record at the same time. This time it works without issue.

So in the end, the issue was adding DNS servers other than the DNS server, which caused the confusion. Not sure how it ended up this way, as I was sure it worked at some point, or why I put those DNS addresses in the resolv.conf file. I’m just happy the issue has been resolved and now I don’t have to do double work each time I create a DNS A record.
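A check for this misconfiguration, as an added example that is not part of the original post: it lists resolv.conf entries that bypass the IPA server and derives the PTR name and candidate reverse zones for an address. The sample file and its 8.8.8.8/8.8.4.4 entries are constructed, and the function names are hypothetical; 192.168.1.53 and 192.168.9.150 are the addresses from the post.

```shell
#!/bin/sh
# Added example: audit resolv.conf on an IPA DNS server and derive the
# reverse-lookup names for an IPv4 address.

# Print every nameserver in file $1 that is neither $2 (the server's own
# address) nor loopback. Commented-out entries are ignored.
foreign_nameservers() {
    awk -v self="$2" '
        $1 == "nameserver" && $2 != self && $2 != "127.0.0.1" && $2 != "::1" {
            print $2
        }' "$1"
}

# Print the PTR owner name for IPv4 address $1.
ptr_name() {
    echo "$1" | awk -F. '{ print $4 "." $3 "." $2 "." $1 ".in-addr.arpa." }'
}

# Print the reverse zones that can contain that PTR, most specific first.
reverse_zones() {
    echo "$1" | awk -F. '{
        print $3 "." $2 "." $1 ".in-addr.arpa."
        print $2 "." $1 ".in-addr.arpa."
        print $1 ".in-addr.arpa."
    }'
}

# Constructed sample mirroring the misconfiguration described in the post.
sample=$(mktemp)
cat >"$sample" <<'EOF'
# constructed sample, not the author's actual file
nameserver 8.8.8.8
nameserver 8.8.4.4
EOF

echo "Resolvers that bypass the IPA server:"
foreign_nameservers "$sample" 192.168.1.53
echo "PTR name: $(ptr_name 192.168.9.150)"
echo "Candidate reverse zones (check each with: dig +short SOA ZONE @192.168.1.53):"
reverse_zones 192.168.9.150
rm -f "$sample"
```

Any address printed by the first function is a resolver the server consults instead of its own DNS service.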

RHCA Journey | Lab and RHCE Objective Status

Below is a listing of the RHCE Objectives as of January 2019 on Red Hat’s website for the EX300 exam. As this week is lab practice week for me I am starting all of them off as red. This means I’ve not signed off on that objective yet as knowing it forward and backward. Many of them will go quickly over the week as I know them fairly well already, and a few will just need a few hours of practice to ensure I do know them. So this page will be edited throughout this week as I progress. If you are interested in the progress, feel free to check back daily to see how I am doing. I will post a separate article on any challenges I faced during the labs and what I learned from the entire process.

System configuration and management

  • Use network teaming or bonding to configure aggregated network links between two Red Hat Enterprise Linux systems
  • Configure IPv6 addresses and perform basic IPv6 troubleshooting
  • Route IP traffic and create static routes
  • Use firewalld and associated mechanisms such as rich rules, zones and custom rules, to implement packet filtering and configure network address translation (NAT)
  • Configure a system to authenticate using Kerberos
  • Configure a system as either an iSCSI target or initiator that persistently mounts an iSCSI target
  • Produce and deliver reports on system utilization (processor, memory, disk, and network)
  • Use shell scripting to automate system maintenance tasks

Network services

  • Install the packages needed to provide the service
  • Configure SELinux to support the service
  • Use SELinux port labeling to allow services to use non-standard ports
  • Configure the service to start when the system is booted
  • Configure the service for basic operation
  • Configure host-based and user-based security for the service

HTTP/HTTPS

  • Configure a virtual host
  • Configure access restrictions on directories
  • Deploy a basic CGI application
  • Configure group-managed content
  • Configure TLS security

DNS

  • Configure a caching-only name server
  • Troubleshoot DNS client issues

NFS

  • Provide network shares to specific clients
  • Provide network shares suitable for group collaboration
  • Use Kerberos to control access to NFS network shares

SMB

  • Provide network shares to specific clients
  • Provide network shares suitable for group collaboration

SMTP

  • Configure a system to forward all email to a central mail server

SSH

  • Configure key-based authentication
  • Configure additional options described in documentation

NTP

  • Synchronize time using other NTP peers

Database services

  • Install and configure MariaDB
  • Backup and restore a database
  • Create a simple database schema
  • Perform simple SQL queries against a database

Red Hat Training Labs

  • Lab: Controlling Services and Daemons
  • Lab: Managing IPv6 Networking
  • Lab: Configuring Link Aggregation and Bridging
  • Lab: Network Port Security
  • Lab: Managing DNS for Servers
  • Lab: Configuring Email Transmission
  • Lab: Providing Block-based Storage
  • Lab: Providing File-based Storage
  • Lab: Configuring MariaDB Databases
  • Lab: Providing Apache HTTPD Web Service
  • Lab: Writing Bash Scripts
  • Lab: Bash Conditionals and Control Structures
  • Lab: Configuring the Shell Environment
  • Lab: Comprehensive Review of System Administration III

Notes

The first 5 labs have gone very well, as I am able to do them without looking at the answers. While I may not recall all the full commands on some of them, it is easy enough to locate the correct syntax using man pages and using semanage or error logs to resolve the issues. The same methods I will have at my disposal during the EX300 exam.

The SMTP mail relay section seems to be giving me issues. The labs have you just issuing long postconf -e commands to insert or change settings in the /etc/postfix/main.cf file. I haven’t found a way to recall all these commands from memory just yet, other than drilling them over and over until I have them memorized. My thinking now is that instead of using postconf -e I will just edit the main.cf file directly and recall each area to locate in the file to accomplish what I need to do. I will need to review this lab a few more times before I feel I am ready, therefore I marked it as orange.

The iSCSI configuration took me a little longer than the others, as there are a number of steps involved in setting it up on the server and then connecting on the client. However, after going over the labs a number of times I understand the syntax of each of the commands for discovering, logging in, logging out, and even deleting. I also understand the process of setting up the server side with targetcli. If I draw a blank I can use man iscsiadm to see the required examples needed for the syntax I’ll need to connect the client to the server target.

It took a while for me to get all the NFS and SMB objectives down in the labs. I am not sure what I’ll be asked to do in the exam, however at this point I have it down well enough that I feel comfortable moving forward. The next day or two I will be working on MariaDB and Apache in the labs. I took some time off (as I was on vacation after all, and I got sick at the end of the week). I hope to be at the point at the end of this week I’ll feel comfortable scheduling the exam and giving it a go.

I’ve done most of the labs at this point, and some of them I can redo without issue. I’m placing a check next to all that I’ve gone over a second time, and that are firmly in my memory. I will be scheduling my EX300 exam in the next few days, more than likely for some time near the end of February. I just need the extra time to go over the labs until I am comfortable with them.

I am in my final week before my exam, which is scheduled for February 28th. I feel I should do okay; my biggest worry is whether I will finish in the amount of time given. I have a big study day scheduled for Monday as well, and am going through the practice labs both on ROLE and Linux Academy.

I ended up having to push the exam back as things were getting in the way, however I am nearly to the point where I have all points memorized for the exam. I’m just doing labs to make sure everything is set, and then will move the exam date up sooner if need be and finish things up here. It has just been very busy at work and with family life that study time has been hindered some.

Finally got the postfix labs done. The practice and labs that Red Hat provides want you to add the config lines in with postconf -e, and while that may be fast, I was having issues remembering the full command. It ended up being easier to remember just enough of it within /etc/postfix/main.cf and just scroll through the conf file from top to bottom, changing what was required based on the lab. Just a little left to go, brushing back up on SMB and NFS, then just start sweeping through all of them at once for a week. I should start the full sweep of labs next week. The exam is the week after that.

Last updated: March 11, 2019 at 05:23 PM MDT.

RHCA Journey – Week 3 | Bash Scripting

It’s been about a week since my last post. I was able to finish up the first review of the RHCE material with Red Hat’s training material. I was slowed down however due to taking care of things at home, plus just extra busy days at work. The good news is, I had some extra time I needed to take before my PTO expired so I am taking it now. I’ll have all next week to do some resting, as well as finish my studies for my RHCE. At the end of next week, I will be scheduling my exam.

The last bit of information in the training was on Bash shell scripting and shell variables. Nothing too difficult, just things that require use and practice and you will have no problems with it. Bash scripting is obviously good for automating various system administrative tasks, so it’s good to know this.

This is just a short update though, and not really going over too much detail over the last bit of information covered at this time. That will be saved in my second pass where I focus more on lab examples and reviewing the material and objectives over the next week.

My plan for next week is to do two posts, one mid-week, the second at the end of my training for the RHCE. The exam will be scheduled for sometime that following week, or as soon as a spot is open for a Kiosk type exam.

So the next update should be posted on Wednesday to update on my final study week. Most of it will just be practicing doing the various objectives for the RHCE and making sure I can either recall how to do it all from memory or know where I can find examples of the commands in man pages so I can accomplish the tasks quickly.

Cheers,

Ivan Windon – RHCSA

RHCA Journey Day 8 – MariaDB | Apache and TLS

It has been a few days since my last post, however, the studying continued on each day. I covered MariaDB, Apache, and TLS just recently. I really enjoyed the topics that I covered over the past few days as I was able to directly apply them to real-world situations with this website.

What made this especially fun was that my website is run off all of these. Until today, though, the site was just run over HTTP. After reading up on getting TLS working on Apache I figured, why not put into practice what I learned by adding TLS support to this site? You may notice that the site is now fully HTTPS, and it redirects you to HTTPS automatically. I did not go for the expensive certificates, as I don’t sell anything on this site, so there was no need. So I just went for the DV (domain verification) certificate from Comodo.

I just needed to install two packages to get things going:

# yum install mod_ssl crypto-utils

From there I ran genkey to get my CSR.

# genkey www.therootuser.com

Just follow the on-screen prompts, and it dumps the file out at /etc/pki/tls/certs/www.therootuser.com.0.csr, which you then send to the CA to get signed (along with some money).

Then I just edited the file /etc/httpd/conf.d/therootuser.conf

SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA
SSLCertificateFile /etc/pki/tls/certs/www_therootuser_com.crt
SSLCertificateKeyFile /etc/pki/tls/private/www.therootuser.com.key
SSLCACertificateFile /etc/pki/tls/certs/www_therootuser_com.ca-bundle

These were all added to the <VirtualHost *:443> section of the conf file.
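An audit of these directives, as an added example that is not part of the original post: the SSLProtocol line above still leaves TLS 1.0 and 1.1 enabled and the cipher string explicitly adds 3DES, so the script flags both and shows a tightened variant that passes. The function name, temp files and the tightened values are this example's assumptions.

```shell
#!/bin/sh
# Added example: flag legacy protocols and ciphers in mod_ssl directives.

# Print one finding per line for the Apache config file given as $1.
audit_ssl_conf() {
    awk '
    tolower($1) == "sslprotocol" {
        split("", on)                        # reset state for this directive
        split("sslv3 tlsv1 tlsv1.1 tlsv1.2", known, " ")
        for (i = 2; i <= NF; i++) {
            t = tolower($i); v = (t ~ /^-/) ? 0 : 1
            sub(/^[+-]/, "", t)
            if (t == "all") { for (k = 1; k <= 4; k++) on[known[k]] = v }
            else on[t] = v
        }
        # anything older than TLS 1.2 that is still enabled is a finding
        for (k = 1; k <= 3; k++) if (on[known[k]]) print "protocol:" known[k]
    }
    tolower($1) == "sslciphersuite" {
        n = split($2, c, ":")
        for (i = 1; i <= n; i++)
            # tokens with no !, - or + prefix add ciphers to the list
            if (c[i] !~ /^[!+-]/ && toupper(c[i]) ~ /3DES|RC4|EXP|NULL|LOW/)
                print "cipher:" c[i]
    }' "$1"
}

# Constructed files: the directives from the post, then a tightened variant.
as_posted=$(mktemp); tightened=$(mktemp)
cat >"$as_posted" <<'EOF'
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA
EOF
cat >"$tightened" <<'EOF'
SSLProtocol -all +TLSv1.2
SSLCipherSuite HIGH:!3DES:!aNULL:!MD5:!SEED:!IDEA
EOF

echo "as posted:";  audit_ssl_conf "$as_posted"
echo "tightened:";  audit_ssl_conf "$tightened"
rm -f "$as_posted" "$tightened"
```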

As this process took me time to figure out and get working properly it, of course, slowed me down on the Apache section, so I’m still finishing that chapter up and will take what I learn from there and apply it to make my site better.

With MariaDB, most of that was just review material, and the only syntax I think I’ll need to work on to get down correctly is creating users, and granting rights to them. For my purposes, it’s not something I really have to deal with, but it will still be useful to know.

For now, I will continue on with the Apache chapter, and try and apply things to my site, as well as in lab situations. At least I’m sure on this topic I will do well on the exam. Which knowing my luck, they won’t ask anything about. Usually how it goes. Check back tomorrow for more on Apache, and my next topics on the RHCE.

Cheers,

Ivan Windon – RHCSA

RHCA Journey – Day 5 – 6 – Email and iSCSI

Over the weekend I continued on my RHCA Journey with my RHCE studies by covering chapters on configuring email transmission with RHEL. The bigger chapter went over providing remote block storage with iSCSI. Both topics are fairly new to me as it is not something I’ve had to deal with much in the past. Both are topics, though, that interest me and that I want to know more about.

The email chapter was fairly basic, just covering relaying local messages from the system to a mail system, nothing like setting up a full-blown mail server. The full mail server is something I have wanted to do for a while, just to see how it all works. I have done so with an Exchange server in the past, however, my email server is now hosted by Rackspace. I would love to set up my own mail server and host my own email, as I do with my website. I have read that this is not a recommended thing to do, for security issues and such. I think I’ll still try it one day, as the process sounds challenging and fun.

The biggest chapter which I went over today actually was on iSCSI. I’ve done it myself a few times in the past, but I still haven’t wrapped my head around it all just yet. I feel I need to read over this chapter a few more times and use my other sources as well to see how they explain it. A while back I set up an iSCSI target on a Synology NAS, so it was interesting to see it in a non-lab type setup. I think that helped me understand it a bit better. What I just need to do is read over the material a few more times to understand why I’m doing what I am doing, and then just practice setting it up a few times until I get it into my memory better.

At this point, I have gone through half of the training material for the RHCE. I should be able to finish in the next week and then start reviewing the areas I’ve determined to be weak points for me and going over the labs a number of times. I will then have a better idea on when I’ll schedule the RHCE exam.

Tomorrow I will begin a chapter on File-based storage with NFS and SMB, so that should be exciting and a good review. Be sure to check back again tomorrow for more information on how that goes.

Cheers,

Ivan Windon – RHCSA