On 06/09/2012 10:23 PM, Dale Macartney wrote:

Evening all

I am trying to set up a stub zone from my IPA domain (example.com) to my
Windows domain (nt.example.com).

Network details as follows

example.com
managed by IPA server ds01.example.com 10.0.1.11

nt.example.com
managed by Win server dc01.nt.example.com 10.0.2.11

I have tried adding the stub zone on the IPA server from the cli and now
also from the web UI but results are both the same.

When adding the stub zone, IPA seems to think of it as managing the
entire zone and not pointing it to the remote DNS server. It basically
adds itself as the SOA.



See below output from dig. Queries have been run against ds01.example.com

[root@ds01 ~]# dig -t soa example.com

;<<>>  DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2<<>>  -t soa example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2632
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;example.com.            IN    SOA

;; ANSWER SECTION:
example.com.        86400    IN    SOA    ds01.example.com. root.ds01.example.com. 2037 3600 900 1209 3600

;; AUTHORITY SECTION:
example.com.        86400    IN    NS    ds01.example.com.

;; ADDITIONAL SECTION:
ds01.example.com.    86400    IN    A    10.0.1.11

;; Query time: 0 msec
;; SERVER: 10.0.1.11#53(10.0.1.11)
;; WHEN: Sat Jun  9 22:13:51 2012
;; MSG SIZE  rcvd: 105

[root@ds01 ~]# dig -t soa nt.example.com

;<<>>  DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2<<>>  -t soa nt.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37259
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;nt.example.com.            IN    SOA

;; ANSWER SECTION:
nt.example.com.        86400    IN    SOA    ds01.example.com. root.nt.example.com. 2012090601 3600 900 1209600 3600

;; AUTHORITY SECTION:
nt.example.com.        86400    IN    NS    dc01.nt.example.com.

;; Query time: 2 msec
;; SERVER: 10.0.1.11#53(10.0.1.11)
;; WHEN: Sat Jun  9 22:14:02 2012
;; MSG SIZE  rcvd: 97

[root@ds01 ~]#


from the cli and webUI there is no way of adding an alternative SOA
record. I would prefer to keep all DNS attributes inside of LDAP,
otherwise there isn't much purpose in running both ldap integrated DNS as
well as standard bind servers. These should ideally be working together.

Does anyone have any recommendations for setting an alternative SOA
record for a stub zone in IPA? Has anyone encountered this before?

Many thanks


Just create NS records for "nt" in example.com if you are looking to delegate the nt.example.com subdomain to another server.

I've never done this with IPA, but this works for bind with files as back-end. Provide glue, and then delegate zone:

$ ipa dnsrecord-add example.com dc01.nt --a-rec=10.0.2.11
$ ipa dnsrecord-add example.com nt --ns-rec=dc01.nt.example.com



Rgds,
Siggi

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
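
Added example (not part of the thread or of FreeIPA): a small shell check that reads `dig -t soa` output and tells the symptom in the question (ds01 answering with the "aa" flag and itself as SOA master for nt.example.com) apart from a working delegation. It assumes recursion is enabled on the queried server, as the "ra" flag in the posted output indicates; the function names and the second sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `dig -t soa <zone>` output read from stdin.
# $1 = name of the server that was queried (here ds01.example.com).
classify_soa() {
    awk -v self="$1" '
        function norm(n) { sub(/\.$/, "", n); return tolower(n) }
        /^;; flags:/ {
            f = $0
            sub(/^;; flags:/, "", f)      # drop the label
            sub(/;.*/, "", f)             # drop the counters after the flags
            aa = ((" " f " ") ~ / aa /)   # authoritative-answer bit
        }
        /^;; ANSWER SECTION/ { in_answer = 1; next }
        /^;;/ || /^$/        { in_answer = 0 }
        in_answer && $4 == "SOA" { mname = norm($5) }
        END {
            if (mname == "")                      print "no-soa"
            else if (aa && mname == norm(self))   print "local-master " mname
            else if (!aa && mname != norm(self))  print "delegated " mname
            else                                  print "unclear " mname
        }'
}

# Constructed sample: the nt.example.com answer from the post, SOA on one line.
sample_before() { cat <<'EOF'
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; ANSWER SECTION:
nt.example.com.  86400  IN  SOA  ds01.example.com. root.nt.example.com. 2012090601 3600 900 1209600 3600
EOF
}

# Constructed sample: a recursive answer after delegation (SOA values made up).
sample_after() { cat <<'EOF'
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; ANSWER SECTION:
nt.example.com.  3600  IN  SOA  dc01.nt.example.com. hostmaster.nt.example.com. 1 900 600 86400 3600
EOF
}

# Live use: dig -t soa nt.example.com @10.0.1.11 | classify_soa ds01.example.com
sample_before | classify_soa ds01.example.com
sample_after  | classify_soa ds01.example.com
```

A "local-master" result for nt.example.com means the IPA server is still hosting the child zone itself rather than handing queries to dc01.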
