[Freeipa-users] DNS forward to sub domain not working

[Sumit Bose]

On Mon, Oct 22, 2012 at 08:57:56PM +0200, Fred van Zwieten wrote:
> Hello,
> 
> I have a problem. My setup:
> 
> - IPA server for domain example.com on ipa.example.com
> - DNS server sub.example.com on host.sub.example.com
> - client.example.com with IP-nr off ipa.example.com in resolv.conf
> - an A record for client.sub.example.com in DNS server host.sub.example.com
> 
> Problem: I cannot resolve the address of client.sub.example.com from
> client.example.com.
> 
> I have tried all kinds of configs:
> 1. Configured global forwarding in named.conf on ipa.example.com
> 2. Configured zone forwarding in named.conf on ipa.example.com for zone
> sub.example.com
> 3. Configured global forwarding in IPA server
> 4. Add a zone sub.example.conf in IPA and configured forwarding on that
> zone.
> 
> Nothing works. I keep getting NXDOMAIN when doing a dig. If I query the DNS
> server on host.sub.example.com directly, it resolves.
> 
> Using RHEL6.3 on all hosts.
> 
> I found an old bugzilla on recursion problems. in namd.conf recursion is
> allowed for "any".

I think it is not a recursion issue, but related to delegation. Since
the IPA DNS server on ipa.example.com thinks he is
responsible/authoritative for the whole example.com he would also try to
handle request for sub.example.com.

You have to tell the DNS serve explicitly that there is another DNS
server for sub.example.com by calling:

ipa dnsrecord-add example.com subdns --a-ip-address=1.2.3.4
ipa dnsrecord-add example.com sub --ns-hostname=subdns

Please note that the DNS server for sub.example.com is now called
'subdns.example.com' since a name from the example.com domain is needed
because otherwise the name cannot be resolved.

HTH

bye,
Sumit

> 
> I'm not sure if this is a IPA or a DNS issue..
> 
> Fred

> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users