my config uses bind and bind-dyndb-ldap to host zone data in ldap. i am
trying to achieve the equivalent directives and configuration of
bind+bind-dyndb-ldap that i have in straight bind.

attached is my forward zone (frozen before copying data, so that the jnl
entries were written out).

the desired outcome is to have zones configured so that unqualified
queries are looked up locally and return properly, if appropriate,
before being forwarded to any forwarders or via the hints to the roots
or whatever is configured to be done with a record that does not have a
locally authoritative entry.

while zytrax does have good articles, the reference i provided is
directly out of the bind admin guide, and likely a more authoritative
voice on the subject.

i have validated that when no $ORIGIN directive is set, a query using
the short name will fail when looked up locally, and will either be
forwarded or recursively searched for. the examples i provided go
against bind+bind-dyndb-ldap, and the short name query fails. doing the
same lookups against my straight bind instance, using the attached zone
file, gives authoritative responses for both short and FQDN queries.

$ORIGIN .
$TTL 3600 ; 1 hour
bpk2.com IN SOA server.bpk2.com. root.server.bpk2.com. (
                21684      ; serial
                10800      ; refresh (3 hours)
                3600       ; retry (1 hour)
                604800     ; expire (1 week)
                3600       ; minimum (1 hour)
                )
        NS vpn.bpk2.com.
        NS server.bpk2.com.
$ORIGIN bpk2.com.
$TTL 600 ; 10 minutes
_kerberos TXT "BPK2.COM"
$TTL 5 ; 5 seconds
cache A 192.168.25.1
        A 192.168.50.1
ceton A 192.168.200.1
$TTL 3600 ; 1 hour
desktop A 192.168.1.60
$TTL 1800 ; 30 minutes
        TXT "004f797684e9ec50c37966ab6377f6e5c6"
$TTL 3600 ; 1 hour
dhcp01 CNAME server
dhcp02 CNAME vpn
edge1037 A 192.168.3.1
        TXT "31f8a6da151fb3fc048a6e3dbcd4099896"
HP001560497B44 CNAME printer
inspire A 192.168.2.145
$TTL 1800 ; 30 minutes
        TXT "3105220f898df9aa1cecba75583223a0e2"
$TTL 3600 ; 1 hour
iphone A 192.168.2.146
        TXT "318d91a7366c7a0cbd8ac4a8cf5f11f2f8"
ipsec A 192.168.52.1
$TTL 600 ; 10 minutes
kerberos A 192.168.25.1
        A 192.168.50.1
$TTL 3600 ; 1 hour
laptop A 192.168.1.139
$TTL 1800 ; 30 minutes
        TXT "002a031452f258ef236a2463b272372ad6"
$TTL 3600 ; 1 hour
ldap A 192.168.37.3
ldap-master CNAME server
ldap1 CNAME server
ldap2 CNAME vpn
modem A 192.168.100.1
music CNAME desktop
ncsi CNAME server
ns01 CNAME vpn
ns02 CNAME server
ntp CNAME vpn
printer A 192.168.1.3
        TXT "316f7731238b38ada102f07b426eb98a95"
$TTL 600 ; 10 minutes
proxy A 192.168.37.1
proxy1 CNAME server
proxy2 CNAME vpn
router CNAME router-vlan254
$TTL 3600 ; 1 hour
router-ipmi A 192.168.253.3
$TTL 600 ; 10 minutes
router-vlan1 A 192.168.1.254
router-vlan2 A 192.168.2.254
router-vlan25 A 192.168.25.254
router-vlan253 A 192.168.253.254
router-vlan254 A 192.168.254.254
router-vlan3 A 192.168.3.254
router-vlan37 A 192.168.37.254
router-vlan50 A 192.168.50.254
router-vlan52 A 192.168.52.254
server A 192.168.25.1
server-ipmi A 192.168.253.1
server-old A 192.168.1.1
switch A 192.168.254.253
wpad.tcp TXT "service: wpad:!http://www.bpk2.com:80/wpad.dat"
        SRV 0 0 80 server
$TTL 3600 ; 1 hour
test A 192.168.1.169
$TTL 1800 ; 30 minutes
        TXT "00b6f6a38a5caaab7be5bdc35d2d3e7acc"
$TTL 600 ; 10 minutes
tproxy CNAME server
vpn A 192.168.50.1
vpn-ipmi A 192.168.253.2
wifi-g A 192.168.1.253
wifi-guest A 192.168.3.253
wifi-n A 192.168.2.253
wpad CNAME www
www A 192.168.37.2
www1 CNAME server
www2 CNAME vpn
_______________________________________________
Freeipa-users mailing list
https://www.redhat.com/mailman/listinfo/freeipa-users
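
How $ORIGIN, $TTL and blank owner fields turn the short names in a zone file like the one above into the fully qualified names the server stores, as an added example that is not part of the original message. The function names and the sample text are constructed for illustration; the `origin` argument stands for the origin in effect before any $ORIGIN line is read.

```python
# Added example: qualifies zone-file names per the RFC 1035 master-file rules.
# SAMPLE_ZONE is constructed from records in the zone above ("@" line added).
SAMPLE_ZONE = (
    "$ORIGIN bpk2.com.\n"
    "$TTL 5 ; 5 seconds\n"
    "cache A 192.168.25.1\n"
    "      A 192.168.50.1\n"
    "$TTL 3600 ; 1 hour\n"
    "dhcp01 CNAME server\n"
    "www A 192.168.37.2\n"
    "@ NS vpn.bpk2.com.\n"
)
NAME_RDATA = {"CNAME", "NS", "PTR"}  # types whose rdata is one domain name

def qualify(name, origin):
    """'@' is the origin, a trailing dot means absolute, else append origin."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." if origin == "." else name + "." + origin

def expand_zone(text, origin="."):
    """Return (owner, ttl, type, rdata) tuples with all names fully qualified.
    Single-line records only: no parenthesised continuations, no ';' in quotes."""
    ttl, owner, records = None, None, []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop trailing comment
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "$ORIGIN":
            origin = qualify(fields[1], origin)
        elif fields[0] == "$TTL":
            ttl = int(fields[1])
        else:
            if line[0] in " \t":                  # blank owner field
                if owner is None:
                    raise ValueError("blank owner before any owner name")
            else:
                owner = qualify(fields.pop(0), origin)
            if fields[0] == "IN":                 # optional class
                fields.pop(0)
            rtype, rdata = fields[0], " ".join(fields[1:])
            if rtype in NAME_RDATA:
                rdata = qualify(rdata, origin)
            records.append((owner, ttl, rtype, rdata))
    return records
```

In this parser a continuation record that has lost its leading whitespace is read as a new owner named after its record type, which is why the indentation in the zone file matters.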