Hi Martin,

The zone name is the following for both servers.

Zone name:
1.10.in-addr.arpa.


I am using zone forwarders.

With forward first enabled, though, it should try and return an answer from the 
local DNS. It clearly does not, though. The only time I receive the local record 
is when forwarding is disabled.

Thanks,
Shaun

Shaun Martin
IT\OPS Manager
Black Duck Software
O: +1.781.425.4336

On Feb 25, 2015, at 12:42 PM, Martin Basti <mba...@redhat.com> wrote:

On 25/02/15 17:59, Shaun Martin wrote:
Hi,

I am having an issue with forward first not appearing to be working. I have 
two separate IPA servers that serve separate realms. For the reverse zone, I 
have configured forwarders to point to the other realm's IPA server. All 
versions are identical on the IPA servers. I have included details on versions 
and tests that show this is not working.

$ yum list installed |grep bind-dyndb-ldap
bind-dyndb-ldap.x86_64                 3.5-4.el7                       @base

$ yum list installed |grep ipa
ipa-admintools.x86_64                  3.3.3-28.0.1.el7.centos.3       @updates
ipa-client.x86_64                      3.3.3-28.0.1.el7.centos.3       @updates
ipa-python.x86_64                      3.3.3-28.0.1.el7.centos.3       @updates
ipa-server.x86_64                      3.3.3-28.0.1.el7.centos.3       @updates
libipa_hbac.x86_64                     1.11.2-68.el7_0.6               @updates
libipa_hbac-python.x86_64              1.11.2-68.el7_0.6               @updates
python-iniparse.noarch                 0.4-9.el7                       @anaconda
sssd-ipa.x86_64

BELOW IS WITH FORWARDING DISABLED. It cannot find 10.1.0.9 but can find 
10.1.20.9. This is expected as this server only has the 10.1.20.9 record.
$ nslookup
> server 10.1.20.9
Default server: 10.1.20.9
Address: 10.1.20.9#53
> 10.1.20.9
Server: 10.1.20.9
Address: 10.1.20.9#53

9.20.1.10.in-addr.arpa name = prd-ops-ipa01.uzb.local.
> 10.1.0.9
Server: 10.1.20.9
Address: 10.1.20.9#53

** server can't find 9.0.1.10.in-addr.arpa.: NXDOMAIN

BELOW IS WITH FORWARDING ENABLED. It cannot find 10.1.20.9 but can find 
10.1.0.9. This is expected as the forwarding server only has the 10.1.0.9 
record.
> 10.1.20.9
Server: 10.1.20.9
Address: 10.1.20.9#53

** server can't find 9.20.1.10.in-addr.arpa.: NXDOMAIN
> 10.1.0.9
Server: 10.1.20.9
Address: 10.1.20.9#53

Non-authoritative answer:
9.0.1.10.in-addr.arpa name = ops-ipa01.bbf.local.

Authoritative answers can be found from:
1.10.in-addr.arpa nameserver = ops-ipa01.bbf.local.


BELOW IS WITH FORWARD FIRST ENABLED. It cannot find 10.1.20.9 but can find 
10.1.0.9. This is unexpected, as the local zone has the 10.1.20.9 and the 
forward server has the 10.1.0.9, so we should be getting both.
> 10.1.20.9
Server: 10.1.20.9
Address: 10.1.20.9#53

** server can't find 9.20.1.10.in-addr.arpa.: NXDOMAIN
> 10.1.0.9
Server: 10.1.20.9
Address: 10.1.20.9#53

Non-authoritative answer:
9.0.1.10.in-addr.arpa name = ops-ipa01.bbf.local.

Authoritative answers can be found from:
1.10.in-addr.arpa nameserver = ops-ipa01.bbf.local.
ops-ipa01.bbf.local internet address = 10.1.0.9


Any help is greatly appreciated.

Thanks,
Shaun




Hello,

We need more info:
Do you use global forwarders or zone forwarders?
How are your reverse zones configured (name, delegation)?

The default forwarding policy is first; IMO both of your examples with 
forwarding enabled are using the forward first policy.

Martin


--
Martin Basti

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
