[Freeipa-users] DNS zone delegation

Loris Santamaria loris at lgs.com.ve
Wed Feb 1 18:21:20 UTC 2012


Hi,

I have a dns zone managed by IPA and I'm trying to delegate a zone
managed by Active Directory.

The IPA managed zone is called "corpfbk", and the AD one is
"ad.corpfbk".

I started by adding the proper glue records:

ipa dnsrecord-add corpfbk ns1.ad --a-rec=192.168.3.36
ipa dnsrecord-add corpfbk ns2.ad --a-rec=192.168.3.241

Then I add what I consider should be the zone delegation:

ipa dnsrecord-add corpfbk ad --ns-rec=ns1.ad.corpfbk.,ns2.ad.corpfbk.

Problem is, IPA DNS can't resolve any host in the ad.corpfbk zone,
except ns1 and ns2. Recursion is enabled in named.conf. Dig results:

dig @localhost ad.corpfbk NS +norecurse
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21862
;; flags: qr aa ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 4

;; QUESTION SECTION:
;ad.corpfbk.			IN	NS

;; ANSWER SECTION:
ad.corpfbk.		86400	IN	NS	ns1.ad.corpfbk.
ad.corpfbk.		86400	IN	NS	ns2.ad.corpfbk.

;; AUTHORITY SECTION:
corpfbk.		86400	IN	NS	ipa01.central.corpfbk.
corpfbk.		86400	IN	NS	ipa02.central.corpfbk.

;; ADDITIONAL SECTION:
ns1.ad.corpfbk.	86400	IN	A	192.168.3.36
ns2.ad.corpfbk.	86400	IN	A	192.168.3.241
ipa01.central.corpfbk.	86400	IN	A	192.168.3.6
ipa02.central.corpfbk.	86400	IN	A	192.168.3.16

It seems to me, and after testing with other non-IPA based DNS servers,
that the response shouldn't have an "Answer section", but it should
have an "authority section" pointing to ad.corpfbk.

Am I doing something wrong? Should I file a bug?

Thanks
-- 
Loris Santamaria   linux user #70506   xmpp:loris at lgs.com.ve
Links Global Services, C.A.            http://www.lgs.com.ve
Tel: 0286 952.06.87  Cel: 0414 095.00.10  sip:103 at lgs.com.ve
------------------------------------------------------------
"If I'd asked my customers what they wanted, they'd have said
a faster horse" - Henry Ford
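
Added example, not part of the original post: a Python check that tells a delegation referral (aa flag clear, empty answer section, child NS records in the authority section) apart from an authoritative answer, and reports in-zone name servers that lack glue. The function names and the REFERRAL sample are constructed for illustration; POSTED is abridged from the dig output quoted in the message.

```python
import re
# Added example (not from the post). POSTED is abridged from the dig output quoted above.
POSTED = """\
;; flags: qr aa ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 4
;; ANSWER SECTION:
ad.corpfbk. 86400 IN NS ns1.ad.corpfbk.
ad.corpfbk. 86400 IN NS ns2.ad.corpfbk.
;; AUTHORITY SECTION:
corpfbk. 86400 IN NS ipa01.central.corpfbk.
corpfbk. 86400 IN NS ipa02.central.corpfbk.
;; ADDITIONAL SECTION:
ns1.ad.corpfbk. 86400 IN A 192.168.3.36
ns2.ad.corpfbk. 86400 IN A 192.168.3.241
"""
# Constructed sample: the shape of a referral returned by a parent zone's server.
REFERRAL = """\
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
;; AUTHORITY SECTION:
ad.corpfbk. 86400 IN NS ns1.ad.corpfbk.
ad.corpfbk. 86400 IN NS ns2.ad.corpfbk.
;; ADDITIONAL SECTION:
ns1.ad.corpfbk. 86400 IN A 192.168.3.36
ns2.ad.corpfbk. 86400 IN A 192.168.3.241
"""

def parse_dig(text):
    """Return (header flags, {section name: [(owner, type, rdata), ...]})."""
    flags, sections, current = set(), {}, None
    for line in text.splitlines():
        if m := re.match(r";; flags: ([a-z ]+);", line):
            flags = set(m.group(1).split())
        elif m := re.match(r";; (\w+) SECTION:", line):
            current = sections.setdefault(m.group(1).lower(), [])
        elif line.strip() and not line.startswith(";") and current is not None:
            owner, _ttl, _cls, rtype, rdata = line.split(None, 4)
            current.append((owner.lower(), rtype, rdata.lower()))
    return flags, sections

def classify(text, child):
    """Return (kind, in-zone NS targets lacking glue) for a '<child> NS' response."""
    flags, sec = parse_dig(text)
    ns = lambda s: {r for o, t, r in sec.get(s, []) if o == child and t == "NS"}
    glue = {o for o, t, _ in sec.get("additional", []) if t in ("A", "AAAA")}
    kind, targets = "other", set()
    if ns("authority") and not sec.get("answer") and "aa" not in flags:
        kind, targets = "referral", ns("authority")
    elif ns("answer") and "aa" in flags:
        kind, targets = "authoritative-answer", ns("answer")
    missing = sorted(t for t in targets if t.endswith("." + child) and t not in glue)
    return kind, missing
```

Calling `classify(POSTED, "ad.corpfbk.")` yields `authoritative-answer`, while the constructed referral yields `referral`; both have complete glue.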
