Hi all,

   I have a DNS question on how/why my IPA DNS servers are trying to hit
the root DNS internet servers.  My IPA servers are in private networks only
serving DNS for the private domains they manage but recently the network
indicated they see my IPA IPs trying to hit the outside world.  After
obtaining the logs I noticed they are trying to hit the internet root DNS
servers.  I then tracked down named.ca on the IPAs which correlates to the
IPs the network team is showing.  I then found named.conf references
named.ca for hints.

This is where I imagine it is coming from in named.conf

zone "." IN {
        type hint;
        file "named.ca";
};

Question is how can I stop my IPA DNS servers from trying to hit the
internet root DNS servers?  I was thinking of commenting out named.ca in
named.conf but imagine bad things happening.
I guess I could also make a new file for named.ca and reference it in
named.conf...then scp it to the other IPAs but no idea as to the syntax
(giving it a shot at bottom of email) or if it can be empty.  Any help is

IPA clients' resolv.conf are set for search domain and the nameserver IPs of
the IPA servers.


Commands used for server install:
 ipa-server-install --setup-dns

Attempt at correct syntax if I need a file with info in it..file named say
If my IPA servers are named DNS1 and DNS2, would this work or is it not even needed?

.                        3600000      NS    DNS1.
DNS1.      3600000      A
DNS1.      3600000      AAAA  2001:7fd::1
.                        3600000      NS    DNS2.
DNS2.      3600000      A
DNS2.      3600000      AAAA  2001:503:c27::2:30

Sean Hogan
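
The correlation described in the message (addresses in named.ca matched against what the network team sees), written out as an added example that is not part of the original e-mail. The firewall log format, the internal source addresses, and the J/K root server names and IPv4 addresses in the sample hints are assumptions constructed for illustration; the two IPv6 addresses are the ones quoted in the message.

```python
import ipaddress
import re

# Constructed excerpt in named.ca (root hints) format; owner names are assumed.
SAMPLE_HINTS = """\
; constructed excerpt, not a complete hints file
.                      3600000      NS    J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET.    3600000      A     192.58.128.30
J.ROOT-SERVERS.NET.    3600000      AAAA  2001:503:c27::2:30
.                      3600000      NS    K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET.    3600000      A     193.0.14.129
K.ROOT-SERVERS.NET.    3600000      AAAA  2001:7fd::1
"""

# Constructed firewall log lines (hypothetical format: src=, dst=, dpt=).
SAMPLE_LOG = """\
2024-01-01T10:00:01 DENY src=10.0.0.11 dst=193.0.14.129 proto=udp dpt=53
2024-01-01T10:00:02 DENY src=10.0.0.12 dst=2001:503:c27:0:0:0:2:30 proto=udp dpt=53
2024-01-01T10:00:03 ALLOW src=10.0.0.11 dst=10.0.0.12 proto=udp dpt=53
2024-01-01T10:00:04 DENY src=10.0.0.40 dst=193.0.14.129 proto=tcp dpt=443
2024-01-01T10:00:05 DENY src=10.0.0.11 dst=192.58.128.30 proto=tcp dpt=53
"""

def parse_hints(text):
    """Map each A/AAAA address in a hints file to its owner name."""
    hints = {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop ';' comments
        if len(fields) >= 4 and fields[-2].upper() in ("A", "AAAA"):
            try:
                hints[ipaddress.ip_address(fields[-1])] = fields[0].rstrip(".").lower()
            except ValueError:
                continue  # record with a malformed address
    return hints

def root_queries(log_text, hints):
    """Return {source: sorted root names} for DNS traffic sent to hint addresses."""
    hits = {}
    pat = re.compile(r"src=(\S+) dst=(\S+) .*\bdpt=(\d+)")
    for m in map(pat.search, log_text.splitlines()):
        if not m or m.group(3) != "53":
            continue  # not a DNS flow
        try:
            dst = ipaddress.ip_address(m.group(2))  # normalises IPv6 spellings
        except ValueError:
            continue  # destination field is not an IP address
        if dst in hints:
            hits.setdefault(m.group(1), set()).add(hints[dst])
    return {src: sorted(names) for src, names in hits.items()}
```

Records with no address field, like the A lines in the attempted file above, are skipped by `parse_hints` rather than raising.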

