#138 BIND stops working after deleting root zone '.'
Closed: Fixed None Opened 9 years ago by mbasti.

# Problem

- What does not work as expected?

  named stops working after removing root zone '.' from LDAP.

  To allow `ipa dnszone-add .`, patch required: https://fedorahosted.org/freeipa/attachment/ticket/4149

- Is your problem related to a single DNS zone or a DNS record?

  Single zone

## Steps to Reproduce

- ipactl status (all services RUNNING)
- ipa dnszone-add .
- ipactl status (all services RUNNING)
- tail /var/named/data/named.run (shows errors)

  ```
  25-Aug-2014 13:23:05.197 zone ./IN: NS 'ns.example.com' has no address records (A or AAAA)
  25-Aug-2014 13:23:05.197 zone ./IN: not loaded due to errors.
  25-Aug-2014 13:23:05.197 update_zone (syncrepl) failed for 'idnsname=.,cn=dns,dc=example,dc=com'. Zones can be outdated, run `rndc reload`: bad zone
  25-Aug-2014 13:23:05.349 zone ./IN: loaded serial 1408965786
  ```

- ipactl status (all services running)
- dig NS .

  ```
  ;; QUESTION SECTION:
  ;. IN NS

  ;; ANSWER SECTION:
  . 86400 IN NS ns.example.com.

  ;; ADDITIONAL SECTION:
  ns.example.com. 1200 IN A 10.x.x.x
  ```

- ipa dnszone-del .
- ipactl status (named: STOPPED)
- tail /var/named/data/named.run (shows assertion)

  ```
  25-Aug-2014 13:35:39.524 task.c:1678: REQUIRE(task->state == task_state_running) failed, back trace
  25-Aug-2014 13:35:39.524 #0 0x7febc696b920 in ??
  25-Aug-2014 13:35:39.525 #1 0x7febc4b5b17a in ??
  25-Aug-2014 13:35:39.525 #2 0x7febc4b7d3b7 in ??
  25-Aug-2014 13:35:39.525 #3 0x7febc0a0fafe in ??
  25-Aug-2014 13:35:39.525 #4 0x7febc0a0a086 in ??
  25-Aug-2014 13:35:39.525 #5 0x7febc0a0df24 in ??
  25-Aug-2014 13:35:39.525 #6 0x7febc4b7d836 in ??
  25-Aug-2014 13:35:39.525 #7 0x7febc4731f33 in ??
  25-Aug-2014 13:35:39.525 #8 0x7febc39d5ded in ??
  25-Aug-2014 13:35:39.525 exiting (due to assertion failure)
  ```

- zone is removed from LDAP

  SIDE EFFECT: significant slowdown of ipa commands after zone deletion (ipa dnszone-find ~10sec)

  dirserv error?: no errors in dirsrv error log

- systemctl start named

  Everything works fine, speed of ipa commands is restored (ipa dnszone-find ~1sec)

- dig NS .

  ```
  ;; QUESTION SECTION:
  ;. IN NS

  ;; ANSWER SECTION:
  . 46510 IN NS d.root-servers.net.
  . 46510 IN NS a.root-servers.net.
  <output omitted>
  ```

NOTE: ipa dnsforwardzone-add/del '.' works fine

# Environment

bind-dyndb-ldap-5.1-1.fc20.x86_64
bind-9.9.4-12.P2.fc20.x86_64

- Distribution and version (i.e. including updates): F20
- Architecture: x86_64
- Do you use bind-dyndb-ldap as part of FreeIPA installation? If you answered no: Which LDAP server do you use? Which version?

  Yes

- Include dynamic-db section from configuration file /etc/named.conf:

  ```
  dynamic-db "ipa" {
      library "ldap.so";
      arg "uri ldapi://%2fvar%2frun%2fslapd-IDM-LAB-ENG-BRQ-REDHAT-COM.socket";
      arg "base cn=dns, dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com";
      arg "fake_mname vm-073.idm.lab.eng.brq.redhat.com.";
      arg "auth_method sasl";
      arg "sasl_mech GSSAPI";
      arg "sasl_user DNS/vm-073.idm.lab.eng.brq.redhat.com";
      arg "serial_autoincrement yes";
  };
  ```

- Do you have some other text based or DLZ zones configured?

  No

- Do you have some global forwarders configured in BIND configuration file? (Statements forward and forwarders.)

  Yes

- Do you have some settings in global configuration object in LDAP? Please export configuration object to LDIF and attach it to the bug report.

  No

Metadata Update from @mbasti:
- Issue assigned to pspacek
- Issue set to the milestone: Fedora 21

7 years ago
