[Freeipa-users] DNS configuration for not resolving some addresses

Martin Basti mbasti at redhat.com
Wed Jul 8 14:25:20 UTC 2015


On 08/07/15 16:14, Karl Forner wrote:
> Thanks Martin, but I do not want to forward the whole subzone.
>
> I have the example.test zone from my web hosting site, that manages 
> also the domain example.test
> I use the example.test domain in freeIPA.
> So the problem is that in the internal network, I can no longer 
> resolve www.example.test.
>
> Of course I can define all such names manually in the freeIPA dns, but 
> ideally (or naively) I'd like a way to
> configure the freeIPA dns like: if you do not know foo.example.test, 
> instead of returning NXDOMAIN, please forward the request to this 
> other nameserver.
Okay, but DNS doesn't work in that way. Zone example.test. is 
authoritative, so it must contain the record or delegation or NXDOMAIN 
is returned. You cannot have multiple authoritative copies of one zone 
with different data.

The best solution would be to have only internal.example.test. zone 
managed by IPA, and add delegation to this zone into example.test.

Martin
>
> On Wed, Jul 8, 2015 at 4:09 PM, Martin Basti <mbasti at redhat.com> wrote:
>
>     On 08/07/15 14:26, Karl Forner wrote:
>>     Hello,
>>
>>     When using my freeIPA DNS name server for my domain example.test,
>>     I need to exclude some names from the server (to be forwarded to
>>     the DNS forwarder, for instance).
>>
>>     For example, I'd like foo.example.test not to be resolved, but
>>     forwarded.
>>     How could I implement this?
>>
>>     Thanks.
>>     Karl Forner
>>
>>
>     Hello,
>
>     If you plan to forward whole subzone, you can use forward zones in
>     IPA.
>
>     example.test -- master zone
>     foo.example.test -- forward zones
>
>     Which version of IPA do you have?
>     If IPA > 4.0, then you can use ipa dnsforwardzone-add command.
>     Otherwise dnszone-add with --forwarder option
>
>     Do not forget to add proper NS delegation for all sub zones from
>     parent zone.
>     For example: ipa dnsrecord-add example.test. test
>     --ns-rec=ipa.example.test.
>
>     -- 
>     Martin Basti
>
>


-- 
Martin Basti
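
Added example, not part of the original thread: a simplified Python model of the answer selection described in the reply above. It shows why a server that is authoritative for example.test returns NXDOMAIN for www.example.test, and why managing only internal.example.test in IPA lets that name reach the forwarder. The addresses, the host names inside the zones and all function names are constructed for illustration.

```python
# Simplified model of how a DNS server that is both authoritative and
# forwarding picks an answer. Not FreeIPA code; all zone data is constructed.
# Ignores record types, NODATA and wildcards to keep the core rule visible.

def labels(name):
    return name.rstrip(".").lower().split(".")

def in_zone(name, zone):
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[-len(z):] == z

def closest_zone(name, zones):
    """Longest-suffix match: the most specific zone that encloses the name."""
    matches = [z for z in zones if in_zone(name, z)]
    return max(matches, key=lambda z: len(labels(z)), default=None)

def resolve(name, master_zones):
    """Return (outcome, value) for a query against this server's master zones."""
    zone = closest_zone(name, master_zones)
    if zone is None:
        # Not authoritative for any enclosing zone: hand off to the forwarder.
        return ("FORWARD", None)
    data = master_zones[zone]
    child = closest_zone(name, data["delegations"])
    if child is not None:
        # A delegation (NS record) in the zone sends the client elsewhere.
        return ("REFERRAL", data["delegations"][child])
    key = name.rstrip(".").lower()
    if key in data["records"]:
        return ("ANSWER", data["records"][key])
    # Authoritative and no record or delegation: the answer is final.
    return ("NXDOMAIN", None)

# Constructed data. BEFORE: IPA is master for the whole of example.test.
IPA_BEFORE = {"example.test.": {
    "records": {"ipa.example.test": "192.0.2.10"}, "delegations": {}}}
# AFTER: IPA manages only the internal.example.test. subzone.
IPA_AFTER = {"internal.example.test.": {
    "records": {"ipa.internal.example.test": "192.0.2.10"}, "delegations": {}}}
# The hosting provider keeps example.test. and delegates the subzone.
HOSTER = {"example.test.": {
    "records": {"www.example.test": "198.51.100.20"},
    "delegations": {"internal.example.test.": "ipa.internal.example.test."}}}

if __name__ == "__main__":
    for label, zones in (("before", IPA_BEFORE), ("after", IPA_AFTER),
                         ("hoster", HOSTER)):
        for q in ("www.example.test", "ipa.internal.example.test"):
            print(label, q, resolve(q, zones))
```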
