-----Original Message-----
From: Licause, Al (CSC AMS BCS - UNIX/Linux Network Support)
Sent: Friday, October 03, 2014 7:11 AM
To: 'Jan Pazdziora'
Subject: RE: [Freeipa-users] named and IpA

Jan,

Just for kicks, I tried to use the ipa dnsconfig-mod command to add information about the local name server. I was able to set the forwarding policy but I was only able to set a single forwarder. If I issued a second forwarder, the previous entry was replaced by the new one and only one forwarder shows as active:

[root@linux named]# ipa dnsconfig-show
  Global forwarders: 16.112.240.40
  Forward policy: first
[root@linux named]# ipa dnsconfig-mod --forwarder=16.112.240.27
  Global forwarders: 16.112.240.27
  Forward policy: first
[root@linux named]# ipa dnsconfig-show
  Global forwarders: 16.112.240.27
  Forward policy: first

If I attempt to place more than one forwarder in the arguments, I get an error:

[root@linux named]# ipa dnsconfig-mod --forwarder=16.112.240.27;16.112.240.40
ipa: ERROR: no modifications to be performed
bash: 16.112.240.40: command not found...

The Fedora documentation only gives examples for adding a single forwarder.....so this seems to be a shortcoming in the current implementation.

However, having performed these steps, it still did not allow the local name server to look at anything past the local database or use the designated forwarders.

Al

-----Original Message-----
From: Jan Pazdziora [mailto:jpazdzi...@redhat.com]
Sent: Thursday, October 02, 2014 11:23 PM
To: Licause, Al (CSC AMS BCS - UNIX/Linux Network Support)
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] named and IpA

On Thu, Oct 02, 2014 at 05:05:10PM +0000, Licause, Al (CSC AMS BCS - UNIX/Linux Network Support) wrote:
>
> From the IdM server we can only lookup local records. The name resolver will not
> attempt to look to another other name servers or domains defined in
> /etc/resolv.conf

What exactly is in your /etc/resolv.conf? Just the IP address of the IPA server (localhost), or some other records?

> If I shutdown IdM using ipactl stop and then restart named, the name
> resolver works for local and remote hosts, addresses and domains as
> well as serving up the SRV records defined on the local host.

So if all IdM services are running, you do not seem to have named observing forwarders settings but if you only run named on the IdM machine and nothing else, it starts to observe them?

Can you show dig output for one of the problematic records to see which DNS server is answering the query?

--
Jan Pazdziora
Principal Software Engineer, Identity Management Engineering, Red Hat
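
Added example, not part of either message and not FreeIPA project code: the `--forwarder` option of `ipa dnsconfig-mod` can be given more than once, and an unquoted `;` is a shell command separator, which is why bash tried to run `16.112.240.40` as a command in the session above. The function names below are hypothetical; the script validates a list of IPv4 forwarders and prints one command line without running `ipa`.

```shell
#!/bin/sh
# Added example: build a single `ipa dnsconfig-mod` call that sets several
# global forwarders. is_ipv4 and build_forwarder_cmd are hypothetical names.

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|"") return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots into $1..$4
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the command for the forwarders in "$1" (separated by ';', ','
# or whitespace). The caller must quote the list so the shell does not
# treat ';' as the end of the command. The body runs in a subshell with
# globbing disabled, so a stray '*' in the input is never expanded.
build_forwarder_cmd() (
    set -f
    cmd="ipa dnsconfig-mod"
    count=0
    for addr in $(printf '%s' "$1" | tr ';,' '  '); do
        if ! is_ipv4 "$addr"; then
            echo "invalid forwarder: $addr" >&2
            return 1
        fi
        cmd="$cmd --forwarder=$addr"
        count=$((count + 1))
    done
    if [ "$count" -eq 0 ]; then
        echo "no forwarders given" >&2
        return 1
    fi
    printf '%s\n' "$cmd"
)

# Dry run with the two addresses from the thread; nothing is executed.
build_forwarder_cmd '16.112.240.27;16.112.240.40'
```

After applying the printed command on the IdM server, `ipa dnsconfig-show` should list both addresses under "Global forwarders".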