On 08/07/15 16:14, Karl Forner wrote:
Thanks Martin, but I do not want to forward the whole subzone.

I have the example.test zone from my web hosting site, that manages also the domain example.test
I use the example.test domain in freeIPA.
So the problem is that in the internal network, I can no longer resolve www.example.test.

Of course I can define all such names manually in the freeIPA dns, but ideally (or naively) I'd like a way to configure the freeIPA dns like: if you do not know foo.example.test, instead of returning NXDOMAIN, please forward the request to this other nameserver.
Okay, but DNS doesn't work in that way. Zone example.test. is authoritative, so it must contain the record or delegation or NXDOMAIN is returned. You cannot have multiple authoritative copies of one zone with different data.

The best solution would be to have only internal.example.test. zone managed by IPA, and add delegation to this zone into example.test.


On Wed, Jul 8, 2015 at 4:09 PM, Martin Basti <mba...@redhat.com <mailto:mba...@redhat.com>> wrote:

    On 08/07/15 14:26, Karl Forner wrote:

    When using my freeIPA DNS name server for my domain example.test,
    I need to exclude some names from the server( to be forwarded to
    the DNS forwarder for instance.

    For example, I'd like foo.example.test not to be resolved, but
    How could I implement this ?

    Karl Forner


    If you plan to forward whole subzone, you can use forward zones in

    example.test -- master zone
    foo.example.test -- forward zones

    which IPA version o IPA do you have?
    If IPA > 4.0, than you can use ipa dnsforwardzone-add command.
    Otherwise dnszone-add with --forwarder option

    Do not forget to add proper NS delegation for all sub zones from
    parent zone.
    For example: ipa dnsrecord-add example.test. test

-- Martin Basti

Martin Basti

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to