On 10/23/2012 09:51 AM, Sumit Bose wrote:
On Mon, Oct 22, 2012 at 08:57:56PM +0200, Fred van Zwieten wrote:

I have a problem. My setup:

- IPA server for domain example.com on ipa.example.com
- DNS server sub.example.com on host.sub.example.com
- client.example.com with IP-nr of ipa.example.com in resolv.conf
- an A record for client.sub.example.com in DNS server host.sub.example.com

Problem: I cannot resolve the address of client.sub.example.com from

I have tried all kinds of configs:
1. Configured global forwarding in named.conf on ipa.example.com
2. Configured zone forwarding in named.conf on ipa.example.com for zone
3. Configured global forwarding in IPA server
4. Add a zone sub.example.conf in IPA and configured forwarding on that

Nothing works. I keep getting NXDOMAIN when doing a dig. If I query the DNS
server on host.sub.example.com directly, it resolves.

Using RHEL6.3 on all hosts.

I found an old bugzilla on recursion problems. In named.conf recursion is
allowed for "any".

I think it is not a recursion issue, but related to delegation. Since
the IPA DNS server on ipa.example.com thinks he is
responsible/authoritative for the whole example.com he would also try to
handle requests for sub.example.com.

You have to tell the DNS server explicitly that there is another DNS
server for sub.example.com by calling:

ipa dnsrecord-add example.com subdns --a-ip-address=
ipa dnsrecord-add example.com sub --ns-hostname=subdns

Please note that the DNS server for sub.example.com is now called
'subdns.example.com' since a name from the example.com domain is needed
because otherwise the name cannot be resolved.



I'm not sure if this is an IPA or a DNS issue..



Please don't use forwarders, just create a NS+A record pair for "sub.example.com" domain in IPA DNS as Sumit wrote above.

Current version seems to have some problems with forwarders, I will investigate it.

Configurations with forwarders are often confusing, please don't use them if it is not necessary.

Petr^2 Spacek
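
An added example, not part of the original thread and not FreeIPA or BIND code: a simplified Python model of how a server that is authoritative for example.com answers a query for client.sub.example.com, before and after the NS and A records from Sumit's reply exist. The zone contents, the 192.0.2.x addresses and the function names are constructed for illustration.

```python
def names_below_apex(origin, qname):
    """Ancestors of qname inside the zone, apex excluded, closest to the apex first."""
    if qname == origin:
        return []
    names, cur = [], origin
    for label in reversed(qname[: -len(origin) - 1].split(".")):
        cur = f"{label}.{cur}"
        names.append(cur)
    return names


def authoritative_answer(origin, records, qname, qtype="A"):
    """Simplified model of an authoritative server's answer for one zone."""
    qname = qname.lower().rstrip(".")
    if qname != origin and not qname.endswith("." + origin):
        return {"rcode": "REFUSED"}
    # A zone cut (NS below the apex) hands the whole subtree to another server.
    for name in names_below_apex(origin, qname):
        ns = records.get((name, "NS"))
        if ns:
            glue = {t: records[(t, "A")] for t in ns if (t, "A") in records}
            return {"rcode": "NOERROR", "referral": name, "ns": ns, "glue": glue}
    if (qname, qtype) in records:
        return {"rcode": "NOERROR", "answer": records[(qname, qtype)]}
    # No cut and no data: the server is authoritative, so it denies the name.
    exists = any(n == qname or n.endswith("." + qname) for n, _ in records)
    return {"rcode": "NOERROR" if exists else "NXDOMAIN", "answer": []}


# Constructed zone data; 192.0.2.x are documentation addresses, not from the thread.
BEFORE = {
    ("example.com", "NS"): ["ipa.example.com"],
    ("ipa.example.com", "A"): ["192.0.2.1"],
}
# The two records added by the ipa dnsrecord-add commands in the thread.
AFTER = dict(BEFORE)
AFTER[("subdns.example.com", "A")] = ["192.0.2.53"]
AFTER[("sub.example.com", "NS")] = ["subdns.example.com"]
# Same delegation but without an address for the name server in the parent zone.
NO_GLUE = {k: v for k, v in AFTER.items() if k != ("subdns.example.com", "A")}

if __name__ == "__main__":
    for label, zone in (("before", BEFORE), ("after", AFTER), ("no glue", NO_GLUE)):
        print(label, authoritative_answer("example.com", zone, "client.sub.example.com"))
```

In the NO_GLUE case the referral names a server but carries no address for it, which is the situation the A record in the first command avoids.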

