[Freeipa-devel] [PATCH] 355 allow named to use ldapi
Rob Crittenden
rcritten at redhat.com
Fri Jan 29 14:57:32 UTC 2010
Jenny Galipeau wrote:
> https://bugzilla.redhat.com/show_bug.cgi?id=558984 :-)
> Jason Gerard DeRose wrote:
>> On Wed, 2010-01-27 at 14:53 -0500, Rob Crittenden wrote:
>>
>>> Add SELinux rules so named can communicate to the DS over ldapi.
>>>
>>> This should fix the installation error when --setup-dns is set and
>>> SELinux is enforcing.
>>>
>>> rob
>>>
>>
>> I'm trying to test this out, but I'm not sure what I need to enter for
>> the DNS forwarder:
>>
>> """
>> Enter IP address for a DNS forwarder (empty to stop):
>> """
>>
>> Any advice?
Yeah, you probably don't need to enter anything here.
David, basically with a forwarder it skips the local DNS server and
instead forwards the request to the specified server(s) to do the DNS
resolution work for it.
You can also do per-domain forwarding but we don't supply a
configuration option for that, at least during installation. I assume we
could set that up post-installation. This is handy in a VPN situation.
You run a local caching nameserver with DNS forwards across the VPN for
your company domain(s). Everything else gets resolved using the standard
public roots.
rob
More information about the Freeipa-devel
mailing list