[Freeipa-users] IPA managed DNS stub-zones

Dale Macartney dale at themacartneyclan.com
Sat Jun 9 20:23:10 UTC 2012


Evening all

I am trying to set up a stub zone from my IPA domain (example.com) to my
Windows domain (nt.example.com).

Network details as follows

example.com
managed by IPA server ds01.example.com 10.0.1.11

nt.example.com
managed by Win server dc01.nt.example.com 10.0.2.11

I have tried adding the stub zone on the IPA server from the cli and now
also from the web UI but results are both the same.

When adding the stub zone, IPA seems to think of it as managing the
entire zone and not pointing it to the remote DNS server. It basically
adds itself as the SOA.



See below output from dig. Queries have been run against ds01.example.com

[root@ds01 ~]# dig -t soa example.com

; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> -t soa example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2632
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;example.com.            IN    SOA

;; ANSWER SECTION:
example.com.        86400    IN    SOA    ds01.example.com. root.ds01.example.com. 2037 3600 900 1209 3600

;; AUTHORITY SECTION:
example.com.        86400    IN    NS    ds01.example.com.

;; ADDITIONAL SECTION:
ds01.example.com.    86400    IN    A    10.0.1.11

;; Query time: 0 msec
;; SERVER: 10.0.1.11#53(10.0.1.11)
;; WHEN: Sat Jun  9 22:13:51 2012
;; MSG SIZE  rcvd: 105

[root@ds01 ~]# dig -t soa nt.example.com

; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> -t soa nt.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37259
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;nt.example.com.            IN    SOA

;; ANSWER SECTION:
nt.example.com.        86400    IN    SOA    ds01.example.com. root.nt.example.com. 2012090601 3600 900 1209600 3600

;; AUTHORITY SECTION:
nt.example.com.        86400    IN    NS    dc01.nt.example.com.

;; Query time: 2 msec
;; SERVER: 10.0.1.11#53(10.0.1.11)
;; WHEN: Sat Jun  9 22:14:02 2012
;; MSG SIZE  rcvd: 97

[root@ds01 ~]#


From the CLI and web UI there is no way of adding an alternative SOA
record. I would prefer to keep all DNS attributes inside of LDAP,
otherwise there isn't much purpose in running both LDAP integrated DNS as
well as standard BIND servers. These should ideally be working together.

Does anyone have any recommendations for setting an alternative SOA
record for a stub zone in IPA? Has anyone encountered this before?

Many thanks

Dale
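
Added example (not part of the original post, and not FreeIPA code): a small check that reads dig text output and flags the symptom described above, where the queried server answers authoritatively and names itself SOA primary for a zone whose NS records point elsewhere. The function names are hypothetical; the first two samples are trimmed from the dig output in the post and the third is constructed.

```python
import re

# Trimmed from the dig output in the post (SOA record joined onto one line).
IPA_ZONE = """\
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
example.com.  86400  IN  SOA  ds01.example.com. root.ds01.example.com. 2037 3600 900 1209 3600
example.com.  86400  IN  NS   ds01.example.com.
"""
STUB_ZONE = """\
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
nt.example.com.  86400  IN  SOA  ds01.example.com. root.nt.example.com. 2012090601 3600 900 1209600 3600
nt.example.com.  86400  IN  NS   dc01.nt.example.com.
"""
# Constructed sample (not from the post): a non-authoritative answer relayed
# from the remote server, with the remote server as SOA primary.
RELAYED = """\
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
nt.example.com.  3600  IN  SOA  dc01.nt.example.com. hostmaster.nt.example.com. 1 900 600 86400 3600
nt.example.com.  3600  IN  NS   dc01.nt.example.com.
"""

def parse_dig(text):
    """Return (header flags, SOA primary name, set of NS hosts) from dig text."""
    flags, mname, ns = set(), None, set()
    for line in text.splitlines():
        m = re.search(r"flags:\s*([a-z ]+);", line)
        if m:
            flags = set(m.group(1).split())
            continue
        if line.startswith(";") or not line.strip():
            continue  # section titles, echoed question, blank lines
        f = line.split()
        # Only the first five fields are needed, so an SOA record that mail
        # wrapping split after the primary name still parses.
        if len(f) >= 5 and f[2] == "IN":
            if f[3] == "SOA":
                mname = f[4].lower()
            elif f[3] == "NS":
                ns.add(f[4].lower())
    return flags, mname, ns

def locally_mastered(text, server_fqdn):
    """True when the server answers authoritatively (aa) and is SOA primary
    for a zone without being one of that zone's NS hosts."""
    flags, mname, ns = parse_dig(text)
    me = server_fqdn.lower().rstrip(".") + "."
    return mname is not None and "aa" in flags and mname == me and me not in ns

if __name__ == "__main__":
    for name, sample in [("example.com", IPA_ZONE), ("nt.example.com", STUB_ZONE)]:
        print(name, locally_mastered(sample, "ds01.example.com"))
```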




