Hi Petr,
Bot servers have zone: domain.tld Server1 (192.168.1.1) has: domain.tld foo A 192.168.1.10 bar A 192.168.1.20 Server2 (192.168.2.1) has: domain.tld candy A 192.168.2.100 I have a forward first on Server1 to the IP of Server2 So when my DNS server on my client is 192.168.1.1 and I do a nslookup candy.domain.tld it should not lookup locally but on the forward (Server2). But when I lookup foo.domain.tld it should get a reply of Server1 rpm -q bind-dyndb-ldap bind ipa-server bind-dyndb-ldap-2.3-6.el6_6.x86_64 bind-9.8.2-0.30.rc1.el6_6.3.x86_64 ipa-server-3.0.0-42.el6.centos.x86_64 It would also be great if this is possible between IPA 3 and 4. Thanks for your help so far! Cheers, Matt 2015-06-29 13:44 GMT+02:00 Petr Spacek <[email protected]>: > On 29.6.2015 13:16, Matt . wrote: >> Hi, >> >> The zones are on both servers, just not all records are, this has a >> reason. One server is maintained by a script, the other one only >> forwards to it if needed. >> >> The idea is that it does a local lookup, when it doesn't find the >> record locally, it forwards to it's forwarder to see if it has an >> "answer". >> >> I thought this was working but isn't and following your table it should. > > I'm sorry but I do not understand. > > Could you please give us specific examples? > - what data you have in what zones and on what server > - what is your forwarding configuration > - what is the result you get > - what is the expected result > > Also, please add output from command: > $ rpm -q bind-dyndb-ldap bind ipa-server > > Thanks. > >> What are my options ? > We will see once I understand your requirement :-) > > Petr^2 Spacek > >> 2015-06-29 11:20 GMT+02:00 Petr Spacek <[email protected]>: >>> On 27.6.2015 19:06, Matt . wrote: >>>> Hi All, >>>> >>>> When I add a forwarder with policy to forward first, there is only >>>> forwarder and not a fallback to local when the record doesn't exist on >>>> the forward server. >>>> >>>> When I remove the forwardserver, the local lookup works great again. >>>> >>>> Is this known to 3.0 servers or has it been a bug or am I doing somethin >>>> wrong ? >>> >>> Forwarders in FreeIPA behave in the same way as in BIND 9.9 and the behavior >>> you describe seems to be okay. >>> >>> The behavior is summarized in a nice table here: >>> http://www.freeipa.org/page/V4/Forward_zones#Use_Cases >>> >>> In other words, there is no thing like 'look into this zone and look into >>> that >>> zone if the first zone does not contain an answer'. Such behavior would >>> break >>> the very basic principle of DNS - division to independent, self-contained >>> zones. What are you trying to achieve? What is the use-case? >>> >>> Please note that in FreeIPA < 4.1 zones with non-empty 'forwarders' >>> attribute >>> were automatically configured as forward zones. The split to pure forward >>> and >>> master zones happened in FreeIPA 4.1. >>> >>> -- >>> Petr^2 Spacek > > -- > Petr^2 Spacek > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
