I think I see the problem - I am really trying to do Split DNS in this
configuration. So I need to keep DNS working, but somehow there must be
a way to have the replica on the outside of the firewall understand that
there is split DNS involved. I am having an issue figuring out if
FreeIPA DNS can do that? Any pointers to some docs?

On 6/20/17 1:32 PM, Kat wrote:

Here is an odd problem (I think).

I am using IPA in one environment, and want to set up a replica in
another environment through NATed connections. I can set up the client
to the NAT server, but here is the tricky part - IPA is also DNS. So
if I try to bring the DNS setup over with --

ipa-replica-install --setup-dns --forwarder=10.x.x.x --setup-ca

It fails, because when it tries to look up the master on the other side
of the NAT FW, of course it resolves incorrectly. The first failure is
conn-check, so even if I --skip-conncheck, it still fails since DNS
will not resolve.