[Freeipa-users] reverse lookup dns records in trust setup

John Stein tde3000 at gmail.com
Sun Jul 19 04:41:59 UTC 2015


Hi,

Does that mean deleting the NS record on AD and creating an A record
instead?

Thanks,
John

On Wed, Jul 15, 2015, 18:28 Petr Spacek <pspacek at redhat.com> wrote:

> On 14.7.2015 15:19, John Stein wrote:
> > Hi,
> >
> > What I meant was that the IPA server is managing two zones:
> >
> > Linux.john.com
> > Which has these records
> > Ipa1 A 192.168.0.140
> > client1 A 192.168.0.11
> >
> > 0.168.192.in-addr.arpa.
> > Which has these records
> > 11 PTR client1.linux.john.com
> > @ NS ipa1.linux.john.com
> >
> > In the AD
> > forward lookup zones
> >> John.com
> >>> linux
> > (Same as parent folder) NS ipa1.linux.john.com
> >
> > Anything more that's unclear?
>
> This is enough.
>
> You have the same 'master' zone configured on IPA and AD, which does not make
> sense from DNS point of view.
>
> You need to move all records to one server and configure 'forward' zone on the
> other server. In AD terminology you need to create 'conditional forwarder'.
>
> Petr^2 Spacek
>
> >
> > Thank you very much!
> > John
> >
> > On Tue, Jul 14, 2015, 15:52 Petr Spacek <pspacek at redhat.com> wrote:
> >
> >> On 14.7.2015 14:49, John Stein wrote:
> >>> I ran the above commands exactly as I told you on the IPA server. I also
> >>> set the IPA server as a global forwarder in the AD.
> >>>
> >>> On Wed, Jul 8, 2015, 12:50 Petr Spacek <pspacek at redhat.com> wrote:
> >>>
> >>>>> On 5.7.2015 08:38, John Stein wrote:
> >>>>>>> Hi,
> >>>>>>>
> >>>>>>> I ran these commands in the IdM server
> >>>>>>>
> >>>>>>> $ ipa dnszone-mod 2.0.192.in-addr.arpa. --update-policy='grant JOHN.COM krb5-self * PTR; grant LINUX.JOHN.COM krb5-self * PTR;'
> >>>>>>> $ ipa dnszone-mod 2.0.192.in-addr.arpa. --dynamic-update=1
> >>>>>>>
> >>>>>>> At the Active Directory I have A and PTR records for the IdM server and it
> >>>>>>> is configured as a global forwarder.
> >>>>>>> At the IdM server there are A and PTR records for both the IdM server and
> >>>>>>> another client.
> >>
> >> Can you explain what you did, exactly? I do not know what 'I have A and PTR
> >> records for the IdM server' exactly means. We need to know exactly what you
> >> typed in and where you clicked in AD.
> >>
> >> The original information is not sufficient, that is why I am asking for more
> >> details.
> >>
> >> Petr^2 Spacek
> >>
> >>>>>>> However this setup does not work.
> >>>>>>> From the IdM and linux client every record is resolvable, however from the
> >>>>>>> AD only the IdM is resolvable and the client is not.
> >>>>>>>
> >>>>>>> Maybe there's another thing I need to configure in the AD in order to
> >>>>>>> enable forwarding that I'm missing?
> >>>>>
> >>>>> I'm not sure I understand you.
>