Re: [Freeipa-users] IPA managed DNS stub-zones
On 06/09/2012 10:23 PM, Dale Macartney wrote:

> Evening all
>
> I am trying to set up a stub zone from my IPA domain (example.com) to my Windows domain (nt.example.com).
>
> Network details as follows
>
> example.com managed by IPA server ds01.example.com 10.0.1.11
> nt.example.com managed by Win server dc01.nt.example.com 10.0.2.11
>
> I have tried adding the stub zone on the IPA server from the cli and now also from the web UI but results are both the same. When adding the stub zone, IPA seems to think of it as managing the entire zone and not pointing it to the remote DNS server. It basically adds itself as the SOA. See below output from dig. Queries have been run against ds01.example.com
>
> [root@ds01 ~]# dig -t soa example.com
>
> ; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> -t soa example.com
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2632
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
>
> ;; QUESTION SECTION:
> ;example.com.           IN  SOA
>
> ;; ANSWER SECTION:
> example.com.      86400 IN  SOA  ds01.example.com. root.ds01.example.com. 2037 3600 900 1209 3600
>
> ;; AUTHORITY SECTION:
> example.com.      86400 IN  NS   ds01.example.com.
>
> ;; ADDITIONAL SECTION:
> ds01.example.com. 86400 IN  A    10.0.1.11
>
> ;; Query time: 0 msec
> ;; SERVER: 10.0.1.11#53(10.0.1.11)
> ;; WHEN: Sat Jun 9 22:13:51 2012
> ;; MSG SIZE rcvd: 105
>
> [root@ds01 ~]# dig -t soa nt.example.com
>
> ; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> -t soa nt.example.com
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37259
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;nt.example.com.        IN  SOA
>
> ;; ANSWER SECTION:
> nt.example.com.   86400 IN  SOA  ds01.example.com. root.nt.example.com. 2012090601 3600 900 1209600 3600
>
> ;; AUTHORITY SECTION:
> nt.example.com.   86400 IN  NS   dc01.nt.example.com.
>
> ;; Query time: 2 msec
> ;; SERVER: 10.0.1.11#53(10.0.1.11)
> ;; WHEN: Sat Jun 9 22:14:02 2012
> ;; MSG SIZE rcvd: 97
>
> [root@ds01 ~]#
>
> From the cli and webUI there is no way of adding an alternative SOA record.
>
> I would prefer to keep all DNS attributes inside of LDAP, otherwise there isn't much purpose in running both ldap integrated DNS as well as standard bind servers. These should ideally be working together.
>
> Does anyone have any recommendations for setting an alternative SOA record for a stub zone in IPA? Has anyone encountered this before?
>
> Many thanks

Just create nsrecords for "nt" in example.com if you are looking to delegate the nt.example.com subdomain to another server. I've never done this with IPA, but this works for bind with files as back-end.

Provide glue, and then delegate zone:

$ ipa dnsrecord-add example.com dc01.nt --a-rec=10.0.2.11
$ ipa dnsrecord-add example.com nt --ns-rec=dc01.nt.example.com

Rgds,
Siggi

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
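
A check for the situation discussed in this thread, as an added example that is not part of either message: it reads `dig -t soa` output and reports whether the queried server answered authoritatively with a primary other than the expected one (hosted-locally) or returned the expected remote primary without the aa flag (delegated). The function name, the result labels and both embedded dig samples are constructed for illustration; the second sample's SOA values are assumed.

```shell
#!/bin/sh
# Added example: classify `dig -t soa <zone>` output read from stdin.
# usage: classify_soa <zone> <expected-primary> < dig-output
classify_soa() {
    awk -v zone="$1." -v want="$2." '
        /^;; flags:/ {                 # e.g. ";; flags: qr aa rd ra; QUERY: 1, ..."
            split($0, part, ";")       # part[3] holds " flags: qr aa rd ra"
            aa = (part[3] ~ / aa( |$)/)
        }
        /^;; [A-Z]+ SECTION:/ { section = $2 }
        section == "ANSWER" && tolower($1) == tolower(zone) && $4 == "SOA" {
            mname = tolower($5)        # primary name server field of the SOA
        }
        END {
            if (mname == "")                        print "no-soa"
            else if (aa && mname != tolower(want))  print "hosted-locally"
            else if (!aa && mname == tolower(want)) print "delegated"
            else                                    print "other"
        }'
}

# Constructed sample modelled on the thread: ds01 answers for nt.example.com itself.
sample_before() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37259
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;nt.example.com. IN SOA
;; ANSWER SECTION:
nt.example.com. 86400 IN SOA ds01.example.com. root.nt.example.com. 2012090601 3600 900 1209600 3600
;; AUTHORITY SECTION:
nt.example.com. 86400 IN NS dc01.nt.example.com.
EOF
}

# Constructed sample of the same query once the subdomain is delegated (values assumed).
sample_after() {
    cat <<'EOF'
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; ANSWER SECTION:
nt.example.com. 3600 IN SOA dc01.nt.example.com. hostmaster.nt.example.com. 25 900 600 86400 3600
EOF
}

sample_before | classify_soa nt.example.com dc01.nt.example.com   # hosted-locally
sample_after  | classify_soa nt.example.com dc01.nt.example.com   # delegated
```

Against a live server the same function can be fed from `dig -t soa nt.example.com @10.0.1.11`.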
[Freeipa-users] IPA managed DNS stub-zones
Evening all

I am trying to set up a stub zone from my IPA domain (example.com) to my Windows domain (nt.example.com).

Network details as follows

example.com managed by IPA server ds01.example.com 10.0.1.11
nt.example.com managed by Win server dc01.nt.example.com 10.0.2.11

I have tried adding the stub zone on the IPA server from the cli and now also from the web UI but results are both the same. When adding the stub zone, IPA seems to think of it as managing the entire zone and not pointing it to the remote DNS server. It basically adds itself as the SOA. See below output from dig. Queries have been run against ds01.example.com

[root@ds01 ~]# dig -t soa example.com

; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> -t soa example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2632
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;example.com.           IN  SOA

;; ANSWER SECTION:
example.com.      86400 IN  SOA  ds01.example.com. root.ds01.example.com. 2037 3600 900 1209 3600

;; AUTHORITY SECTION:
example.com.      86400 IN  NS   ds01.example.com.

;; ADDITIONAL SECTION:
ds01.example.com. 86400 IN  A    10.0.1.11

;; Query time: 0 msec
;; SERVER: 10.0.1.11#53(10.0.1.11)
;; WHEN: Sat Jun 9 22:13:51 2012
;; MSG SIZE rcvd: 105

[root@ds01 ~]# dig -t soa nt.example.com

; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> -t soa nt.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37259
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;nt.example.com.        IN  SOA

;; ANSWER SECTION:
nt.example.com.   86400 IN  SOA  ds01.example.com. root.nt.example.com. 2012090601 3600 900 1209600 3600

;; AUTHORITY SECTION:
nt.example.com.   86400 IN  NS   dc01.nt.example.com.

;; Query time: 2 msec
;; SERVER: 10.0.1.11#53(10.0.1.11)
;; WHEN: Sat Jun 9 22:14:02 2012
;; MSG SIZE rcvd: 97

[root@ds01 ~]#

From the cli and webUI there is no way of adding an alternative SOA record.

I would prefer to keep all DNS attributes inside of LDAP, otherwise there isn't much purpose in running both ldap integrated DNS as well as standard bind servers. These should ideally be working together.

Does anyone have any recommendations for setting an alternative SOA record for a stub zone in IPA? Has anyone encountered this before?

Many thanks

Dale