Martin Kosek wrote:
I suggest adding the following doc to the end of chapter "5.6.
DNS" (after the paragraphs about forwarders):

Any host is permitted to issue recursive queries against configured
forwarders by default. When required, this behavior can be changed
in the "allow-recursion" statement in /etc/named.conf. Please consult name
server documentation for details on how to edit the configuration

How to test:
1) install IPA with --setup-dns and a defined --forwarder
2) query a record not managed by the installed IPA (e.g. from
localhost - should pass both with and without the patch
3) query a record not managed by the installed IPA from another computer on a
different subnet - fails without the patch and should pass with the

Update name server configuration file to allow any host to issue
recursive queries (allow-recursion statement).

ack, pushed to master and ipa-2-0

Deon, this won't affect existing installations so this would be a candidate for Release Notes. Users will need to manually update named.conf if they want this feature.
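An added example, not part of this thread or of the IPA patch: since existing installations keep whatever named.conf they already have, the sketch below reads a configuration's text and reports how its allow-recursion statement is set. The function names and the sample fragments are constructed for illustration; it inspects only the first allow-recursion statement it finds and does not resolve named acl references.

```python
import re

# Constructed named.conf fragments (sample data, not from an IPA install).
OPEN_CONF = """
options {
    forwarders { 192.0.2.53; };   // documentation address
    allow-recursion { any; };     # every client may recurse
};
"""
RESTRICTED_CONF = """
options {
    forwarders { 192.0.2.53; };
    /* internal clients only */
    allow-recursion { localhost; 10.0.0.0/8; };
};
"""
NO_STATEMENT_CONF = "options { forwarders { 192.0.2.53; }; };"

def strip_comments(text):
    """Drop the three comment styles named.conf accepts: /* */, // and #."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def recursion_acl(conf_text):
    """Return the first allow-recursion element list, or None if absent."""
    text = strip_comments(conf_text)
    m = re.search(r"\ballow-recursion\s*\{([^{}]*)\}", text)
    if m is None:
        if "allow-recursion" in text:
            raise ValueError("nested address-match list: inspect by hand")
        return None
    return [e.strip() for e in m.group(1).split(";") if e.strip()]

def classify(conf_text):
    """'open', 'open-with-exclusions', 'restricted' or 'unset'."""
    acl = recursion_acl(conf_text)
    if acl is None:
        return "unset"  # named falls back to its built-in default
    if "any" in acl:
        # Elements are matched in order, so only negations listed
        # before "any" keep a client out.
        earlier = acl[:acl.index("any")]
        negated = any(e.startswith("!") for e in earlier)
        return "open-with-exclusions" if negated else "open"
    return "restricted"

if __name__ == "__main__":
    for name in ("OPEN_CONF", "RESTRICTED_CONF", "NO_STATEMENT_CONF"):
        print(name, "->", classify(globals()[name]))
```

To check a real server, pass the contents of /etc/named.conf to `classify()`; a result of "unset" corresponds to an installation that has not been updated by hand.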


