I have my FreeIPA server set up with a forward-only policy for DNS.

If I perform an nslookup against either of the configured forward servers, I 
can do a reverse lookup properly.

If I perform the same nslookup against my local server, it will not find the 
entry.

I have confirmed that there are no conflicting zones or reverse zones on my 
FreeIPA server.

Tests below:

1. Show forwarding configuration

2. Test lookup against localhost of own domain name (prove we can find 
records we host as primary)

3. Prove we can do forward lookup on the host that we can't reverse lookup on

4. Reverse lookup fails against localhost

5. Reverse lookup succeeds against forward server 1

6. Reverse lookup succeeds against forward server 2

So... if I am set to always forward, and I don't host this domain (or a parent 
of it), and I can look up the server on my forwarded domains,

Then... why can't that query get forwarded properly according to my forwarding 
settings?

1. ===========================
[root@dc2-ipa-dev-van ~]# ipa dnsconfig-show
  Global forwarders: 10.21.0.15, 10.21.0.14
  Forward policy: only
  Allow PTR sync: TRUE
2. ===========================
[root@dc2-ipa-dev-van ~]# nslookup
> dc2-ipa-dev-van.dev-mydomain.net
Server:         127.0.0.1
Address:        127.0.0.1#53

Name:   dc2-ipa-dev-van.dev-mydomain.net
Address: 10.21.0.98
3. ===========================
> officedc2.office.mydomain.net
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
Name:   officedc2.office.mydomain.net
Address: 10.6.60.6
4. ===========================
> 10.6.60.6
Server:         127.0.0.1
Address:        127.0.0.1#53

** server can't find 6.60.6.10.in-addr.arpa: NXDOMAIN
5. ===========================
> server 10.21.0.14
Default server: 10.21.0.14
Address: 10.21.0.14#53
> 10.6.60.6
Server:         10.21.0.14
Address:        10.21.0.14#53

Non-authoritative answer:
6.60.6.10.in-addr.arpa  name = officedc2.office.mydomain.net.

Authoritative answers can be found from:
6. ===========================
> server 10.21.0.15
Default server: 10.21.0.15
Address: 10.21.0.15#53
> 10.6.60.6
Server:         10.21.0.15
Address:        10.21.0.15#53

Non-authoritative answer:
6.60.6.10.in-addr.arpa  name = officedc2.office.mydomain.net.

Authoritative answers can be found from:
>