Martin Kosek wrote:
I suggest adding the following doc to the end of chapter "5.6.
DNS" (after the paragraphs about forwarders):

Any host is permitted to issue recursive queries against configured
forwarders by default. When required, this behavior can be changed
in /etc/named.conf in "allow-recursion" statement. Please consult name
server documentation for details how to edit the configuration
statement.

----
How to test:
1) install IPA with --setup-dns and defined --forwarder
2) query record not-managed by installed IPA (e.g. www.freeipa.org) from
localhost - should pass both with and without the patch
3) query record not-managed by installed IPA from other computer from
different subnet - fails without the patch and should pass with the
patch

----
Update name server configuration file to allow any host to issue
recursive queries (allow-recursion statement).

https://fedorahosted.org/freeipa/ticket/1335


ack, pushed to master and ipa-2-0

Deon, this won't affect existing installations so this would be a candidate for Release Notes. Users will need to manually update named.conf if they want this feature.

rob

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to