my config uses bind and bind-dyndb-ldap to host zone data in ldap.  i am
trying to achieve the equivalent directives and configuration of bind
+bind-dyndb-ldap that i have in straight bind.

attached is my forward zone (frozen before copying data, so that the jnl
entries were written out).

the desired outcome is to have zones configured so that unqualified
queries are looked up locally and return properly, if appropriate,
before being forwarded to any forwarders or via the hints to the roots
or whatever is configured to be done with a record that does not have a
locally authoritative entry.

while zytrax does have good articles, the reference i provided is
directly out of the bind admin guide, and likely a more authoritative
voice on the subject.

i have validated that when no $ORIGIN directive is set, a query using
the short name will fail when looked up locally, and will either be
forwarded or recursively searched for.  the examples i provided go
against bind+bind-dyndb-ldap, and the short name query fails.  doing the
same lookups against my straight bind instance, using the attached zone
file, gives authoritative responses for both short and FQDN queries.
$TTL 3600       ; 1 hour                IN SOA (
                                21684      ; serial
                                10800      ; refresh (3 hours)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                3600       ; minimum (1 hour)
$TTL 600        ; 10 minutes
_kerberos               TXT     "BPK2.COM"
$TTL 5  ; 5 seconds
cache                   A
ceton                   A
$TTL 3600       ; 1 hour
desktop                 A
$TTL 1800       ; 30 minutes
                        TXT     "004f797684e9ec50c37966ab6377f6e5c6"
$TTL 3600       ; 1 hour
dhcp01                  CNAME   server
dhcp02                  CNAME   vpn
edge1037                A
                        TXT     "31f8a6da151fb3fc048a6e3dbcd4099896"
HP001560497B44          CNAME   printer
inspire                 A
$TTL 1800       ; 30 minutes
                        TXT     "3105220f898df9aa1cecba75583223a0e2"
$TTL 3600       ; 1 hour
iphone                  A
                        TXT     "318d91a7366c7a0cbd8ac4a8cf5f11f2f8"
ipsec                   A
$TTL 600        ; 10 minutes
kerberos                A
$TTL 3600       ; 1 hour
laptop                  A
$TTL 1800       ; 30 minutes
                        TXT     "002a031452f258ef236a2463b272372ad6"
$TTL 3600       ; 1 hour
ldap                    A
ldap-master             CNAME   server
ldap1                   CNAME   server
ldap2                   CNAME   vpn
modem                   A
music                   CNAME   desktop
ncsi                    CNAME   server
ns01                    CNAME   vpn
ns02                    CNAME   server
ntp                     CNAME   vpn
printer                 A
                        TXT     "316f7731238b38ada102f07b426eb98a95"
$TTL 600        ; 10 minutes
proxy                   A
proxy1                  CNAME   server
proxy2                  CNAME   vpn
router                  CNAME   router-vlan254
$TTL 3600       ; 1 hour
router-ipmi             A
$TTL 600        ; 10 minutes
router-vlan1            A
router-vlan2            A
router-vlan25           A
router-vlan253          A
router-vlan254          A
router-vlan3            A
router-vlan37           A
router-vlan50           A
router-vlan52           A
server                  A
server-ipmi             A
server-old              A
switch                  A
wpad.tcp                TXT     "service: wpad:!";
                        SRV     0 0 80 server
$TTL 3600       ; 1 hour
test                    A
$TTL 1800       ; 30 minutes
                        TXT     "00b6f6a38a5caaab7be5bdc35d2d3e7acc"
$TTL 600        ; 10 minutes
tproxy                  CNAME   server
vpn                     A
vpn-ipmi                A
wifi-g                  A
wifi-guest              A
wifi-n                  A
wpad                    CNAME   www
www                     A
www1                    CNAME   server
www2                    CNAME   vpn

Freeipa-users mailing list

Reply via email to