On 10/22/2012 08:28 PM, Fred van Zwieten wrote:
> Hello,
>
> I have a problem. My setup:
>
> - IPA server for domain example.com on ipa.example.com
> - DNS server sub.example.com on host.sub.example.com

You mean your own DNS server that is configured via BIND files? I.e. not an IPA DNS server configured with ipa-dns-install?

> - client.example.com with IP-nr of ipa.example.com in resolv.conf
> - an A record for client.sub.example.com in DNS server host.sub.example.com
>
> Problem: I cannot resolve the address of client.sub.example.com from
> client.example.com.
>
> I have tried all kinds of configs:
> 1. Configured global forwarding in named.conf on ipa.example.com
> 2. Configured zone forwarding in named.conf on ipa.example.com for zone
> sub.example.com

Hmm, I am not sure if this works well when you combine file+LDAP configuration for the same zone. Petr Spacek may want to chime in.

> 3. Configured global forwarding in IPA server
> 4. Add a zone sub.example.conf in IPA and configured forwarding on that zone.

I think this should work. I assume that "sub.example.conf" is just a typo. Can you please test with the following tcpdump command to see where the DNS queries are actually sent?

# tcpdump -ni eth0 udp port 53

Another option to delegate a zone to another machine would be to create an NS record sub.example.com on ipa.example.com pointing to "host.sub.example.com.". (host.sub.example.com. has to be resolvable from ipa.example.com so that it knows where to forward the query).

Martin

>
> Nothing works. I keep getting NXDOMAIN when doing a dig. If I query the DNS
> server on host.sub.example.com directly, it resolves.
>
> Using RHEL6.3 on all hosts.
>
> I found an old bugzilla on recursion problems. In named.conf recursion is
> allowed for "any".
>
> Fred
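
One way to read the output of the tcpdump command suggested above, as an added example that is not part of the original thread: the script checks whether the IPA server passed a query for a name on to another DNS server or answered it itself. The function name, all IP addresses (documentation range) and both captures are constructed for illustration.

```python
import re

# One line of `tcpdump -n` output: time, "IP", src.port > dst.port: query-id rest
PACKET = re.compile(r"^\S+ IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): (\d+)(.*)$")
QUESTION = re.compile(r"\b([A-Z]+)\? (\S+)")          # e.g. "A? client.sub.example.com."
RCODE = re.compile(r"\b(NXDomain|ServFail|Refused)")  # absent when the answer is NoError

# Constructed captures taken on the IPA server. Assumed addresses:
# 192.0.2.10 = ipa, 192.0.2.20 = client, 192.0.2.53 = host.sub.example.com
IPA = "192.0.2.10"
SAMPLE_LOCAL = """\
20:31:02.100001 IP 192.0.2.20.40112 > 192.0.2.10.53: 4242+ A? client.sub.example.com. (40)
20:31:02.100950 IP 192.0.2.10.53 > 192.0.2.20.40112: 4242 NXDomain* 0/1/0 (95)
"""
SAMPLE_FORWARDED = """\
20:40:00.000100 IP 192.0.2.20.40990 > 192.0.2.10.53: 5150+ A? client.sub.example.com. (40)
20:40:00.000900 IP 192.0.2.10.33211 > 192.0.2.53.53: 9911+ A? client.sub.example.com. (40)
20:40:00.002100 IP 192.0.2.53.53 > 192.0.2.10.33211: 9911* 1/1/0 A 192.0.2.77 (72)
20:40:00.003000 IP 192.0.2.10.53 > 192.0.2.20.40990: 5150 1/0/0 A 192.0.2.77 (56)
"""

def trace(capture, qname, ipa_ip):
    """Return (servers the IPA host queried for qname, rcodes it sent back to clients)."""
    upstreams, answers, pending = [], [], set()
    for line in capture.splitlines():
        m = PACKET.match(line)
        if not m:
            continue
        src, sport, dst, dport, qid, rest = m.groups()
        q = QUESTION.search(rest)
        if dport == "53" and q and q.group(2).rstrip(".").lower() == qname:
            if dst == ipa_ip:                 # client asking the IPA server
                pending.add((src, sport, qid))
            elif src == ipa_ip:               # IPA server asking someone else
                upstreams.append(dst)
        elif sport == "53" and src == ipa_ip and (dst, dport, qid) in pending:
            rc = RCODE.search(rest)           # reply to a client query we tracked
            answers.append(rc.group(1) if rc else "NoError")
    return upstreams, answers

if __name__ == "__main__":
    for name, cap in (("local", SAMPLE_LOCAL), ("forwarded", SAMPLE_FORWARDED)):
        print(name, trace(cap, "client.sub.example.com", IPA))
```

An empty upstream list together with NXDomain means the IPA server answered from its own data and the query never left the host, so the forwarding or delegation configuration is not being applied.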