On 8.9.2013 05:54, Andrew Lau wrote:
Hi all,

I wasn't able to find much, but is it possible to configure FreeIPA to
serve as a split horizon DNS server?

I would like the local network to be able to enroll and authenticate
locally, but at the same time bridge remote clients as well.

Suggestions?

Could you give us more details? We can try to find some solution for your particular situation.

In general, FreeIPA doesn't support so-called views from BIND9 directly, but you can use e.g. FreeIPA integrated DNS for the internal network (the internal view) and expose a flat zone file for the external view.

Example configuration (/etc/named.conf):
view "internal"
{
/* This view will contain zones you want to serve only to "internal" clients
   that connect via your directly attached LAN interfaces - "localnets" .
 */
        match-clients           { localnets; };
        recursion yes;

        dynamic-db "ipa" {
                library "ldap.so";
                arg "uri ldapi://%2fvar%2frun%2fslapd-IPA-TEST.socket";
                arg "base cn=dns, dc=ipa,dc=test";
        };
};

view "external"
{
/* This view will contain zones you want to serve only to "external" clients
 * whose addresses do not match any view above:
 */
        match-clients           { any; };
        recursion no;

        zone "my.external.zone" {
                type master;
                file "my.external.zone.db";
        };
};

Have a nice day.

--
Petr^2 Spacek

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
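
Added example, not part of the original message and not FreeIPA or BIND code: BIND assigns each query to the first view whose match-clients list covers the client address, so the order of the two views in the named.conf above matters. The sketch below models that selection and flags a view shadowed by an earlier "any" or an "any" view that offers recursion; the LAN range 192.168.1.0/24 standing in for "localnets" and the sample client addresses are constructed assumptions.

```python
# Added example: models BIND's first-match view selection for the layout above.
import ipaddress

# Constructed stand-in for BIND's built-in "localnets" ACL (the server's
# directly attached networks); 192.168.1.0/24 is an assumed LAN.
LOCALNETS = ["192.168.1.0/24"]

def expand(acl):
    """Turn a match-clients list into ip_network objects."""
    nets = []
    for item in acl:
        if item == "any":
            nets += [ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")]
        elif item == "localnets":
            nets += [ipaddress.ip_network(n) for n in LOCALNETS]
        else:
            nets.append(ipaddress.ip_network(item))
    return nets

def select_view(views, client):
    """Return the name of the first view whose match-clients covers client."""
    addr = ipaddress.ip_address(client)
    for view in views:
        if any(addr.version == n.version and addr in n for n in expand(view["match_clients"])):
            return view["name"]
    return None

def lint(views):
    """Flag views shadowed by an earlier 'any' and recursion offered to 'any'."""
    problems, seen_any = [], False
    for view in views:
        if seen_any:
            problems.append(f'view "{view["name"]}" is unreachable: an earlier view matches any')
        if "any" in view["match_clients"]:
            seen_any = True
            if view["recursion"]:
                problems.append(f'view "{view["name"]}" offers recursion to any client')
    return problems

INTERNAL = {"name": "internal", "match_clients": ["localnets"], "recursion": True}
EXTERNAL = {"name": "external", "match_clients": ["any"], "recursion": False}
GOOD = [INTERNAL, EXTERNAL]   # order used in the named.conf above
BAD = [EXTERNAL, INTERNAL]    # same views, reversed

if __name__ == "__main__":
    for ip in ("192.168.1.20", "203.0.113.7"):
        print(ip, "->", select_view(GOOD, ip), "| reversed:", select_view(BAD, ip))
    print(lint(GOOD), lint(BAD))
```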
