On Wednesday, July 15, 2015, Martin Basti <<a href="mailto:mbasti@redhat.com">mbasti@redhat.com</a>> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <div text="#000000" bgcolor="#FFFFFF"> <div>On 14/07/15 19:12, Nevada Sanchez wrote:<br> </div> <blockquote type="cite"> <div dir="ltr">I have FreeIPA setup as our primary DNS on an AWS VPC. I setup global forwarding ('Forward First') so that it will forward queries to Amazon's DNS, and then fall back on IPA if it doesn't see a hit. <div><br> </div> <div>This works perfectly fine for forward DNS lookups:</div> <div><br> </div> <div>$ # This host does not exist on FreeIPA, but does on Amazon DNS</div> <div> <div>$ host ip-10-0-6-17.ec2.internal</div> <div>ip-10-0-6-17.ec2.internal has address 10.0.6.17</div> </div> <div><br> </div> <div> <div>However, for reverse lookups, it doesn't seem to get forwarded</div> <div><br> </div> <div>$ # Same host, reverse lookup fails at FreeIPA</div> <div> <div>$ host 10.0.6.17</div> <div>Host 17.6.0.10.in-addr.arpa. not found: 3(NXDOMAIN)</div> <div><br> </div> <div>$ # Explicitly forwarding to Amazon DNS, reverse lookup works</div> <div>$ host 10.0.6.17 10.0.0.2</div> <div>Using domain server:</div> <div>Name: 10.0.0.2</div> <div>Address: 10.0.0.2#53</div> <div>Aliases: </div> <div>17.6.0.10.in-addr.arpa domain name pointer ip-10-0-6-17.ec2.internal.</div> </div> <div><br> </div> <div>Please help. Thanks!</div> <div><br> </div> -- <br> <div> <div dir="ltr"> <div style="font-family:arial;font-size:small"><b><font face="arial, helvetica, sans-serif">Nevada Sanchez</font></b></div> <div style="font-family:arial;font-size:small"><font face="arial, helvetica, sans-serif" color="#666666">Co-Founder, ASIC Design Team Lead</font></div> <div style="font-family:arial;font-size:small"><font face="arial, helvetica, sans-serif"><a href="http://www.butterflynetinc.com/" style="color:rgb(17,85,204)" target="_blank"><img src="https://dl.dropboxusercontent.com/s/qc2obm2qad830x5/BNI%20logo%20%2840%20px%29.png?token_hash=AAHtFB9SECimeD8ttqgGqwlY3MD8nRNHfRQKh3eivl4dsg&dl=1"></a></font></div> <div style="font-family:arial;font-size:small"><font face="arial, helvetica, sans-serif" color="#666666">tel: 203.689.5650 x314 | mobile: 775.863.8726</font></div> <div><font size="1" color="#666666"><span style="font-family:arial">Come </span><a href="http://www.4combinator.com/#opportunities" style="font-family:arial" target="_blank">join us</a><span style="font-family:arial"> and p</span><span style="font-family:arial">ut a dent in the universe!</span></font><br> </div> </div> </div> </div> </div> <br> <fieldset></fieldset> <br> </blockquote> Hello, do you have any reverse zones configured on IPA DNS? (with suffix 10.in-addr.arpa)?<br> <br> <pre cols="72">-- Martin Basti<span></span></pre></div></blockquote><div>Yes. </div><br><br>-- <br><div dir="ltr"><div style="font-family:arial;font-size:small"><b><font face="arial, helvetica, sans-serif">Nevada Sanchez</font></b></div><div style="font-family:arial;font-size:small"><font face="arial, helvetica, sans-serif" color="#666666">Co-Founder, ASIC Design Team Lead</font></div><div style="font-family:arial;font-size:small"><font face="arial, helvetica, sans-serif"><a href="http://www.butterflynetinc.com/" style="color:rgb(17,85,204)" target="_blank"><img src="https://dl.dropboxusercontent.com/s/qc2obm2qad830x5/BNI%20logo%20%2840%20px%29.png?token_hash=AAHtFB9SECimeD8ttqgGqwlY3MD8nRNHfRQKh3eivl4dsg&dl=1"></a></font></div><div style="font-family:arial;font-size:small"><font face="arial, helvetica, sans-serif" color="#666666">tel: 203.689.5650 x314 | mobile: 775.863.8726</font></div><div><font color="#666666" size="1"><span style="font-family:arial">Come </span><a href="http://www.4combinator.com/#opportunities" style="font-family:arial" target="_blank">join us</a><span style="font-family:arial"> and p</span><span style="font-family:arial">ut a dent in the universe!</span></font><br></div></div><br>