On Mon, Sep 9, 2013 at 8:26 PM, Petr Spacek <pspa...@redhat.com> wrote:
> On 8.9.2013 05:54, Andrew Lau wrote:
>> Hi all,
>>
>> I wasn't able to find much, but is it possible to configure FreeIPA to
>> serve as a split horizon DNS server?
>>
>> I would like the local network to be able to enroll and authenticate
>> locally, but at the same time bridge remote clients as well.
>>
>> Suggestions?
>
> Could you give us more details? We can try to find some solution for your
> particular situation.
>
> In general, FreeIPA doesn't support so-called views from BIND9 directly,
> but you can use e.g. FreeIPA integrated DNS for the internal network (the
> internal view) and expose a flat zone file for the external view.
>
> Example configuration (/etc/named.conf):
>
> view "internal"
> {
>     /* This view will contain zones you want to serve only to "internal" clients
>      * that connect via your directly attached LAN interfaces - "localnets".
>      */
>     match-clients { localnets; };
>     recursion yes;
>
>     dynamic-db "ipa" {
>         library "ldap.so";
>         arg "uri ldapi://%2fvar%2frun%2fslapd-IPA-TEST.socket";
>         arg "base cn=dns, dc=ipa,dc=test";
>     };
> };
>
> view "external"
> {
>     /* This view will contain zones you want to serve only to "external" clients
>      * that have addresses that do not match any view above:
>      */
>     match-clients { any; };
>     recursion no;
>
>     zone "my.external.zone" {
>         type master;
>         file "my.external.zone.db";
>     };
> };
>
> Have a nice day.

Hi Petr,

Thanks - I ended up running a slave DNS server with bind9 views. It's just a
bit of a pain having to now manage two DNS configs, but it'll have to do.

Thanks,
Andrew.
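For readers who want to reproduce the setup Andrew describes (a separate BIND9 secondary with views, rather than views on the FreeIPA server itself), the following /etc/named.conf is an added example and is not from the thread or from the FreeIPA project. It assumes an IPA zone "ipa.test" served by a FreeIPA master at 192.0.2.10, an internal network 192.0.2.0/24 (RFC 5737 documentation addresses), and a TSIG key name "ipa-transfer" whose secret is a placeholder; all of these are assumptions for illustration. The internal view receives the IPA-managed zone by AXFR, the external view serves a hand-maintained flat zone of the same name, and every view states its own query, recursion and transfer policy so that the external view can never hand out the internal zone data.

```conf
// Secondary BIND9 server with split-horizon views (example, not from the thread).
// Once any view is declared, BIND requires every zone to live inside a view,
// so nothing is defined at top level except options, ACLs and keys.

options {
    directory "/var/named";
    // Deny by default; each view grants what it actually needs.
    allow-query     { none; };
    allow-recursion { none; };
    allow-transfer  { none; };
};

// Assumed internal network. Note: match-clients trusts the source address only,
// so this is a serving policy, not an authentication boundary.
acl "internal-nets" { 192.0.2.0/24; 127.0.0.0/8; ::1/128; };

// TSIG key for zone transfers from the IPA master. The secret below is a
// placeholder (base64 of "sample-secret-do-not-use"); generate a real one
// with tsig-keygen and configure the same key on the master.
key "ipa-transfer" {
    algorithm hmac-sha256;
    secret "c2FtcGxlLXNlY3JldC1kby1ub3QtdXNl";
};

// Sign all traffic to the assumed IPA master with that key (applies to AXFR/IXFR).
server 192.0.2.10 {
    keys { "ipa-transfer"; };
};

// Views are matched in order: the internal view must come first, otherwise
// "any" in the external view would also catch internal clients.
view "internal" {
    match-clients   { "internal-nets"; };
    recursion yes;
    allow-query     { "internal-nets"; };
    allow-recursion { "internal-nets"; };
    allow-transfer  { none; };

    // Mirror of the FreeIPA-managed zone, pulled by AXFR from the master.
    zone "ipa.test" {
        type slave;
        masters { 192.0.2.10; };
        file "slaves/ipa.test.internal.db";
    };
};

view "external" {
    match-clients  { any; };
    recursion no;                 // authoritative only towards the Internet
    allow-query    { any; };
    allow-transfer { none; };

    // Flat, manually maintained zone with only the names that should be public.
    // Same zone name, different data: this is what makes it split horizon.
    zone "ipa.test" {
        type master;
        file "ipa.test.external.db";
    };
};
```

Two checks before relying on this: the IPA master only allows AXFR for a zone when transfers are permitted on that zone (`ipa dnszone-mod ipa.test --allow-transfer=...`, restricted to the secondary's address and, if the master is configured for it, the TSIG key), and after loading the config, `dig @secondary ipa.test AXFR` from an external address should be refused while an internal-only record queried from outside should return NXDOMAIN, confirming that the external view never leaks the internal data.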
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users