i am wondering if bind-dyndb-ldap supports stub zones. below would be a use case for me.
say i have a network with a lot of external client connectivity (over leased line, MPLS, VPN, etc). the clients connections are used for inbound, outbound or bi-directional traffic (file transfers, web traffic, data exchange, etc). because of the size of my network, my already large and complex routing scheme for my own needs does not need to be made more complex by having to route my client's address space, so i devote specific networks out of my address space to 1-to-1 or static NAT addresses. by doing this, i can push all that traffic to the vpn endpoints or routers that manage that connectivity, without having to route "foreign" networks in the core. to make life easier, i want to have DNS names assigned to the NAT addresses, but the names are not in my authoritative name space, and may be internet resolvable, should a recursive search be performed. say i have mydomain.tld registered, and i have 300.555.0.0/16 assigned (yes, i know that does not exist). i would devote 300.555.254.0/23 to these 1-to-1 NATs. client Example Corp has dedicated connectivity to me and i want to access their website over that connection. the site, www.example.com, is internet resolvable but i dont want to access the internet accessible site. i want DNS resolution to point to my NAT, and take the traffic to the VPN where the NAT occurs and the traffic is pushed across to the client. with stub zones, i could create a zone, example.com, put a record for www into that zone and assign it my 1-to-1 NAT address of 300.555.254.1. i push my internal requests for that resource towards my vpn or client connection router, and perform the NAT at that device. my routing stays free of "foreign" networks and the traffic ends up where i want it. can bind-dyndb-ldap manage stub zones? how would one create the necessary ldap entries? sub zones require some extra work, so i would imagine stub zones do too, if they are currently supported. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
