[Freeipa-users] DNS reverse Zones on other server

Petr Spacek pspacek at redhat.com
Mon May 2 12:52:56 UTC 2016


Hi,

First of all, please always keep the mailing list in Cc. I re-added it. See
below:

On 2.5.2016 14:40, Wanka, Silvio wrote:
> Petr Spacek wrote:
>> >
> 
> Again, thanks for your answer!
> 
>> > It works differently. DNS updates from clients would be forwarded to AD
>> > server (as today) and two-way trust would enable AD to authenticate IPA
>> > clients.
> This is not what I need; my IPA "clients" are always servers with static IP addresses, i.e. "ipa-client-install" creates a fixed A record and the enabled "Allow PTR sync" does nothing because it can't.
> 
>> > Anyway, neither slave nor stub would help you with this problem as both
>> > types are by definition read-only.
> In BIND there is an option "allow-update-forwarding" which would offer such a possibility, but then IPA must use it if the A record should be created but the zone is local. Maybe in the future. I know from Windows DNS servers which are not Domain Controllers that they forward the requests of their clients to create or update a DNS record to the DCs if the domain is configured e.g. as a stub zone on these non-DC DNS servers.

AFAIK this works only when the local server is authoritative for the zone. As far
as I understood you, IPA is not authoritative for the reverse zones, so it would
do nothing.

I'm curious how this option works with GSS-TSIG updates; I never tried that.

You might set up a slave zone manually in named.conf and then try to enable this
option. Please report your findings to the mailing list, I'm very curious.

I hope this will help.

-- 
Petr^2 Spacek
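
The manual slave zone with update forwarding suggested above could look like the following named.conf fragment. This is an added example, not part of the original message and not FreeIPA's own configuration; the zone name, addresses, ACL name and file path are constructed placeholders.

```conf
// Constructed example for named.conf on the IPA server (BIND 9 syntax).
// Zone name, addresses, ACL name and file path are placeholders,
// not values taken from this thread.

acl "static-servers" {
    192.0.2.0/24;                     // placeholder: hosts whose updates may be relayed
};

zone "2.0.192.in-addr.arpa" {
    type slave;                       // read-only local copy of the reverse zone
    masters { 198.51.100.53; };       // placeholder: server authoritative for the zone
    file "slaves/2.0.192.in-addr.arpa.db";

    // Relay dynamic updates from the listed clients to the master
    // instead of refusing them. The BIND default is { none; }.
    // Keep this list narrow: the master receives the relayed update
    // from this server's address, so a master that authorizes updates
    // by source IP would effectively trust every client listed here.
    allow-update-forwarding { "static-servers"; };
};
```

The master still decides whether to accept each relayed update, so its own update policy has to authorize the request by key rather than by the slave's address.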