On 16/01/2017 16:37, Raul Dias wrote:
Did some testing.

From the Windows server, did a port scan on the IPA server (TCP + UDP), no blocking between. (tested open).

The IPA has DNSSEC on, but that is for the zones only, right? There is no indication of DNSSEC in the datagrams.

You can have a DNSSEC-validating resolver (cache), but you're right, you'd see things in the packet (EDNS).

The Wireshark in the Windows server:

Looks like a perfectly good DNS response to me. Windows is a strange beast :-(

Horrible workaround: if you can find a DNS server which Windows likes, you can configure that DNS server to forward all the IPA-hosted zones to the IPA server.

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
