On 25.2.2015 19:18, Martin Basti wrote:
> And  I'm not sure if forwarding between 2 authoritative zones with the same 
> name 
> will work, because the zone is authoritative on IPA side, so IPA will return 
> authoritative answer NXDOMAIN and will not try to forward query.
> You may need NS delegation to subzone.
> 
> I suggest to create separate zones, there should not be 2 authoritative 
> servers 
> with the same zone.
> 
> FYI: Forward zones IPA 4.1: http://www.freeipa.org/page/V4/Forward_zones

Martin is right.

Could you clarify what are you trying to achieve? What is the use-case? Maybe
we can recommend something for your particular use-case.


=== Background ===
You are trying to create 'overlay'/mix records from two authoritative zones
together which is not supported by BIND.

(After all, term 'authoritative' is used for a reason :-))

If you look at [1] you can see that in all cases the algorithm starts with
following two steps:
1. search local database for an authoritative answer
2. if local server is authoritative, return the answer (including NXDOMAIN if
DNS name was not found)

In practice it means that BIND will never combine local data with data from
forwarders.

[1]
http://www.freeipa.org/page/V4/Forward_zones#Forwarding_policy_in_forward_and_master_zones

-- 
Petr^2 Spacek

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to