I have FreeIPA installed on a RHEL 6 server. There is an existing Windows domain and DNS, example.com. I created a FreeIPA domain of example.com. I have attempted to configure the "forward first" option in both the DNS Global Configuration and the example.com zone configuration. I would like all lookups to first go to the forwarder and, if it is unable to resolve, I want it to look at the FreeIPA DNS. As I understand it, the "forward first" setting should accomplish this. Unfortunately, DNS is behaving as if the "forward only" option is enabled: it will resolve addresses outside of the FreeIPA example.com domain but will not resolve hosts that are only in the FreeIPA example.com domain. I am very new to FreeIPA and would appreciate any help that can be provided.<br>
<br>Here is my named.conf:<br><br>
<pre>
options {
    // turns on IPv6 for port 53, IPv4 is on by default for all ifaces
    listen-on-v6 {any;};

    // Put files that named is allowed to write in the data/ directory:
    directory "/var/named"; // the default
    dump-file "data/cache_dump.db";
    statistics-file "data/named_stats.txt";
    memstatistics-file "data/named_mem_stats.txt";

    forward first;
    forwarders {
        192.168.x.x;
    };

    // Any host is permitted to issue recursive queries
    allow-recursion { any; };

    tkey-gssapi-credential "DNS/freeipa.example.com";
    tkey-domain "EXAMPLE.COM";
};

/* If you want to enable debugging, eg. using the 'rndc trace' command,
 * By default, SELinux policy does not allow named to modify the /var/named directory,
 * so put the default debug log file in data/ :
 */
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";

dynamic-db "ipa" {
    library "ldap.so";
    arg "uri ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket";
    arg "base cn=dns, dc=example,dc=com";
    arg "fake_mname freeipa.example.com.";
    arg "auth_method sasl";
    arg "sasl_mech GSSAPI";
    arg "sasl_user DNS/freeipa.example.com";
    arg "zone_refresh 30";
};
</pre>
<br><br>
<br>Thanks in advance,<br>Albert<br>
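As an added example (editor's code, not part of Albert's message or of FreeIPA/BIND), the script below pulls the forwarding directives out of a constructed copy of the options block above and models BIND's rule for "forward first" versus "forward only": a definitive reply from the forwarder, NXDOMAIN included, is returned as-is under either policy, and local resolution is only attempted when the forwarders fail to answer. The function names (`parse_forwarding`, `forwarding_outcome`, `audit`) are hypothetical, and the open-recursion finding on `allow-recursion { any; }` is the editor's caveat.

```python
import re

# Constructed excerpt of the options block from the post; the forwarder
# address is the same placeholder the message uses.
NAMED_CONF = """
options {
    forward first;
    forwarders {
        192.168.x.x;
    };
    allow-recursion { any; };
};
"""

def _items(block):
    """Split a BIND address list like ' any; 10.0.0.1; ' into its entries."""
    return [x.strip() for x in block.split(";") if x.strip()]

def parse_forwarding(conf):
    """Extract the forward policy, forwarders and allow-recursion ACL."""
    policy = re.search(r"\bforward\s+(first|only)\s*;", conf)
    fwd = re.search(r"\bforwarders\s*\{([^}]*)\}", conf)
    rec = re.search(r"\ballow-recursion\s*\{([^}]*)\}", conf)
    return {
        "policy": policy.group(1) if policy else None,
        "forwarders": _items(fwd.group(1)) if fwd else [],
        "allow_recursion": _items(rec.group(1)) if rec else [],
    }

def forwarding_outcome(policy, forwarder_rcode):
    """BIND semantics: a definitive reply (NOERROR or NXDOMAIN) from the
    forwarder is accepted under both policies; only when the forwarder gives
    no usable reply (timeout/SERVFAIL) does 'first' resolve locally."""
    if forwarder_rcode in ("NOERROR", "NXDOMAIN"):
        return forwarder_rcode
    return "RESOLVE_LOCALLY" if policy == "first" else "SERVFAIL"

def audit(conf):
    """Return the parsed settings plus findings a reviewer would raise."""
    s = parse_forwarding(conf)
    findings = []
    if "any" in s["allow_recursion"]:
        findings.append("allow-recursion { any; }: recursion is open to every "
                        "client that can reach port 53; restrict it to local nets")
    if s["policy"] == "first":
        findings.append("forward first: a forwarder's NXDOMAIN is final; local "
                        "resolution is used only when forwarders fail to answer")
    return s, findings
```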