[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Freeipa-users] DNS forward to sub domain not working



Hi all,

Thank you for you're input. I found a more or less similar solution here (I tried Google first, but the art there is to formulate the correct search phrase..).

I seem to have it working by doing this:

1. Add A record for subns.example.com
2. Add NS record for sub.example.com to subns.example.com

Although Petr says to stay away from forwarder, it does not work without them. I had to enter zone forwarding addresses on example.com.

After updates I only got it working after restarting named on the IPA server.

Thank you for the answers

Fred

On Tue, Oct 23, 2012 at 10:00 AM, Petr Spacek <pspacek redhat com> wrote:
On 10/23/2012 09:51 AM, Sumit Bose wrote:
> On Mon, Oct 22, 2012 at 08:57:56PM +0200, Fred van Zwieten wrote:
>> Hello,
>>
>> I have a problem. My setup:
>>
>> - IPA server for domain example.com on ipa.example.com
>> - DNS server sub.example.com on host.sub.example.com
>> - client.example.com with IP-nr off ipa.example.com in resolv.conf
>> - an A record for client.sub.example.com in DNS server host.sub.example.com
>>
>> Problem: I cannot resolve the address of client.sub.example.com from
>> client.example.com.
>>
>> I have tried all kinds of configs:
>> 1. Configured global forwarding in named.conf on ipa.example.com
>> 2. Configured zone forwarding in named.conf on ipa.example.com for zone
>> sub.example.com
>> 3. Configured global forwarding in IPA server
>> 4. Add a zone sub.example.conf in IPA and configured forwarding on that
>> zone.
>>
>> Nothing works. I keep getting NXDOMAIN when doing a dig. If I query the DNS
>> server on host.sub.example.com directly, it resolves.
>>
>> Using RHEL6.3 on all hosts.
>>
>> I found an old bugzilla on recursion problems. in namd.conf recursion is
>> allowed for "any".
>
> I think it is not a recursion issue, but related to delegation. Since
> the IPA DNS server on ipa.example.com thinks he is
> responsible/authoritative for the whole example.com he would also try to
> handle request for sub.example.com.
>
> You have to tell the DNS serve explicitly that there is another DNS
> server for sub.example.com by calling:
>
> ipa dnsrecord-add example.com subdns --a-ip-address=1.2.3.4
> ipa dnsrecord-add example.com sub --ns-hostname=subdns
>
> Please note that the DNS server for sub.example.com is now called
> 'subdns.example.com' since a name from the example.com domain is needed
> because otherwise the name cannot be resolved.
>
> HTH
>
> bye,
> Sumit
>
>>
>> I'm not sure if this is a IPA or a DNS issue..
>>
>> Fred

Hello,

please don't use forwarders, just create a NS+A record pair for
"sub.example.com" domain in IPA DNS as Sumit wrote above.

Current version seems to have some problems with forwarders, I will
investigate it.

Configuration with forwarders are often confusing, please don't use them if it
is not necessary.

--
Petr^2 Spacek

_______________________________________________
Freeipa-users mailing list
Freeipa-users redhat com
https://www.redhat.com/mailman/listinfo/freeipa-users


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]