On 08/07/15 16:14, Karl Forner wrote:
Thanks Martin, but I do not want to forward the whole subzone.
I have the example.test zone from my web hosting site, that manages
also the domain example.test
I use the example.test domain in freeIPA.
So the problem is that in the internal network, I can no longer
resolve www.example.test.
Of course I can define all such names manually in the freeIPA dns, but
ideally (or naively) I'd like a way to
configure the freeIPA dns like: if you do not know foo.example.test,
instead of returning NXDOMAIN, please forward the request to this
other nameserver.
Okay, but DNS doesn't work in that way. Zone example.test. is
authoritative, so it must contain the record or delegation or NXDOMAIN
is returned. You cannot have multiple authoritative copies of one zone
with different data.
The best solution would be to have only internal.example.test. zone
managed by IPA, and add delegation to this zone into example.test.
Martin
On Wed, Jul 8, 2015 at 4:09 PM, Martin Basti <mba...@redhat.com
<mailto:mba...@redhat.com>> wrote:
On 08/07/15 14:26, Karl Forner wrote:
Hello,
When using my freeIPA DNS name server for my domain example.test,
I need to exclude some names from the server( to be forwarded to
the DNS forwarder for instance.
For example, I'd like foo.example.test not to be resolved, but
forwarded.
How could I implement this ?
Thanks.
Karl Forner
Hello,
If you plan to forward whole subzone, you can use forward zones in
IPA.
example.test -- master zone
foo.example.test -- forward zones
which IPA version o IPA do you have?
If IPA > 4.0, than you can use ipa dnsforwardzone-add command.
Otherwise dnszone-add with --forwarder option
Do not forget to add proper NS delegation for all sub zones from
parent zone.
For example: ipa dnsrecord-add example.test. test
--ns-rec=ipa.example.test.
--
Martin Basti
--
Martin Basti
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project