Hi All,
I would like to have my new TrueNAS server set up as a client for my FreeIPA server.
I start by going to System/Network, removing the primary/secondary DNS servers, and replacing them with the IP address of my IPA server: 192.168.4.167. Next, I put an entry in the hostname database: 192.168.4.167 mirkwood.me.local mirkwood
Then I go to Credentials, Directory Services, and select Configure Directory Services. I select IPA as my configuration type and use the following settings:
- Kerberos Realm = ME.LOCAL
- Credential Type = Kerberos User
- Username = admin@ME.LOCAL
- Target Server = mirkwood.me.local
- TrueNAS Hostname = moira.me.local
- Domain = me.local
- Base DN = dc=me,dc=local
This errors out with the following:
The resolution lifetime expired after 10.403 seconds: Server 192.168.4.167 UDP port 53 answered The DNS operation timed out after 4.000 seconds; Server 192.168.4.167 UDP port 53 answered The DNS operation timed out after 4.000 seconds; Server 192.168.4.167 UDP port 53 answered The DNS operation timed out after 1.694 seconds
So, I go to the shell and run dig google.com, which returns:
;; communications error to 192.168.4.167#53: host unreachable
;; communications error to 192.168.4.167#53: host unreachable
;; communications error to 192.168.4.167#53: host unreachable
I also run netcat -vz 192.168.4.167 53, which returns:
netcat: connect to 192.168.4.167 port 53 (tcp) failed: No route to host
Where I get confused is, if I go to the IPA server, DNS appears to be working. When I run systemctl status named, I get this:
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; preset: disabled)
Active: active (running) since Sat 2025-12-20 20:42:45 EST; 29min ago
Process: 165000 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo ">
Process: 165003 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 165004 (named)
Tasks: 11 (limit: 35868)
Memory: 38.4M (peak: 39.1M)
CPU: 134ms
CGroup: /system.slice/named.service
└─165004 /usr/sbin/named -u named -c /etc/named.conf -E pkcs11
Dec 20 20:42:45 mirkwood.me.local named[165004]: zone 100.51.198.IN-ADDR.ARPA/IN: shutting down
Dec 20 20:42:45 mirkwood.me.local named[165004]: zone 255.255.255.255.IN-ADDR.ARPA/IN: shutting down
Dec 20 20:42:45 mirkwood.me.local named[165004]: zone EMPTY.AS112.ARPA/IN: shutting down
Dec 20 20:42:45 mirkwood.me.local named[165004]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Dec 20 20:42:45 mirkwood.me.local named[165004]: zone localhost/IN: loaded serial 0
Dec 20 20:42:45 mirkwood.me.local named[165004]: all zones loaded
Dec 20 20:42:45 mirkwood.me.local named[165004]: running
Dec 20 20:42:45 mirkwood.me.local systemd[1]: Started Berkeley Internet Name Domain (DNS).
Dec 20 20:42:45 mirkwood.me.local named[165004]: zone 4.168.192.in-addr.arpa/IN: loaded serial 1766281365
Dec 20 20:42:45 mirkwood.me.local named[165004]: zone me.local/IN: loaded serial 1766281365
When I run nmap -sU -O localhost, I get this:
Starting Nmap 7.92 ( https://nmap.org ) at 2025-12-20 20:47 EST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000025s latency).
Other addresses for localhost (not scanned): ::1
Not shown: 995 closed udp ports (port-unreach)
PORT STATE SERVICE
53/udp open domain
88/udp open|filtered kerberos-sec
111/udp open rpcbind
464/udp open|filtered kpasswd5
5353/udp open|filtered zeroconf
Too many fingerprints match this host to give specific OS details
Network Distance: 0 hops
OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 2.71 seconds
And when I run nmap -sT -O localhost, I get this:
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000030s latency).
Other addresses for localhost (not scanned): ::1
Not shown: 986 closed tcp ports (conn-refused)
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
80/tcp open http
88/tcp open kerberos-sec
111/tcp open rpcbind
389/tcp open ldap
443/tcp open https
464/tcp open kpasswd5
631/tcp open ipp
636/tcp open ldapssl
749/tcp open kerberos-adm
8009/tcp open ajp13
8080/tcp open http-proxy
8443/tcp open https-alt
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
TCP/IP fingerprint:
Network Distance: 0 hops
OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 11.36 seconds
So, it appears to my admittedly untrained eye that DNS is working on the FreeIPA server but is nevertheless not reachable from the TrueNAS server. I’m at a bit of a loss for how to continue troubleshooting this.
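A layered reachability check for the client-to-server path described above, added here as an example and not part of the original post. The server address, hostname and domain are taken from the post; the function names and the error-to-layer mapping are my own, and the mapping relies on the fact that "No route to host" / "host unreachable" means an ICMP unreachable came back (typically a firewall REJECT rule, which is the default on firewalld hosts, or a missing route), whereas a bare timeout means packets were silently dropped.

```shell
#!/bin/sh
# Added diagnostic helper (not from the original post). Values below come from
# the post; run from the TrueNAS shell as:  sh ipa_dns_check.sh run
IPA_SERVER=192.168.4.167
IPA_HOST=mirkwood.me.local
IPA_DOMAIN=me.local

# SRV records a FreeIPA client looks up to discover its server; derived from the
# domain so the same function serves any realm, not just me.local.
srv_names() {
    d=$1
    printf '%s\n' "_ldap._tcp.$d" "_kerberos._udp.$d" "_kerberos._tcp.$d" "_kpasswd._udp.$d"
}

# Map client-side error text to the network layer most likely at fault.
# An ICMP unreachable (REJECT rule or no route) surfaces as "No route to host"
# from netcat and "host unreachable" from dig; a silent DROP surfaces as a timeout.
classify_error() {
    case "$1" in
        *"No route to host"*|*"host unreachable"*)
            echo "rejected: icmp-unreachable (firewall REJECT or missing route)" ;;
        *"timed out"*|*"timeout"*)
            echo "dropped: no reply (firewall DROP, wrong IP, or named not bound to that address)" ;;
        *)
            echo "other" ;;
    esac
}

# Live checks, one layer at a time: route, ICMP, TCP/53, A record, SRV discovery.
# Only run when the script is invoked with "run", so the file can be sourced safely.
run_checks() {
    echo "# route the kernel picks for $IPA_SERVER"; ip route get "$IPA_SERVER"
    echo "# ICMP"; ping -c1 -W2 "$IPA_SERVER" || true
    echo "# TCP/53 (openbsd netcat, as used in the post)"
    netcat -vz -w2 "$IPA_SERVER" 53 2>&1 | while read -r line; do
        echo "$line -> $(classify_error "$line")"
    done
    echo "# A record, asking the IPA server directly"
    dig +time=2 +tries=1 @"$IPA_SERVER" "$IPA_HOST" A +short
    echo "# SRV discovery records the IPA join needs"
    srv_names "$IPA_DOMAIN" | while read -r name; do
        printf '%s: ' "$name"
        dig +time=2 +tries=1 @"$IPA_SERVER" "$name" SRV +short | tr '\n' ' '; echo
    done
}

if [ "${1:-}" = "run" ]; then run_checks; fi
```

Note that an nmap scan of localhost only proves named answers on the loopback address; on the server, `ss -ulnp 'sport = :53'` shows which addresses it is actually bound to, and `firewall-cmd --list-services` shows whether the dns and freeipa-4 services are opened on the LAN zone.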