[Freeipa-users] DNS forward to sub domain not working

Fred van Zwieten fvzwieten at vxcompany.com
Tue Oct 23 08:29:03 UTC 2012


Hi all,

Thank you for your input. I found a more or less similar solution here
<https://groups.google.com/forum/?fromgroups=#!topic/comp.protocols.dns.bind/mdhS0OxQnD4>
(I tried Google first, but the art there is to formulate the correct search
phrase..).

I seem to have it working by doing this:

1. Add A record for subns.example.com
2. Add NS record for sub.example.com to subns.example.com

Although Petr says to stay away from forwarders, it does not work without
them. I had to enter zone forwarding addresses on example.com.

After updates I only got it working after restarting named on the IPA
server.

Thank you for the answers

Fred

On Tue, Oct 23, 2012 at 10:00 AM, Petr Spacek <pspacek at redhat.com> wrote:

> On 10/23/2012 09:51 AM, Sumit Bose wrote:
> > On Mon, Oct 22, 2012 at 08:57:56PM +0200, Fred van Zwieten wrote:
> >> Hello,
> >>
> >> I have a problem. My setup:
> >>
> >> - IPA server for domain example.com on ipa.example.com
> >> - DNS server sub.example.com on host.sub.example.com
> >> - client.example.com with IP-nr of ipa.example.com in resolv.conf
> >> - an A record for client.sub.example.com in DNS server host.sub.example.com
> >>
> >> Problem: I cannot resolve the address of client.sub.example.com from
> >> client.example.com.
> >>
> >> I have tried all kinds of configs:
> >> 1. Configured global forwarding in named.conf on ipa.example.com
> >> 2. Configured zone forwarding in named.conf on ipa.example.com for zone
> >> sub.example.com
> >> 3. Configured global forwarding in IPA server
> >> 4. Add a zone sub.example.conf in IPA and configured forwarding on that
> >> zone.
> >>
> >> Nothing works. I keep getting NXDOMAIN when doing a dig. If I query the DNS
> >> server on host.sub.example.com directly, it resolves.
> >>
> >> Using RHEL6.3 on all hosts.
> >>
> >> I found an old bugzilla on recursion problems. In named.conf recursion is
> >> allowed for "any".
> >
> > I think it is not a recursion issue, but related to delegation. Since
> > the IPA DNS server on ipa.example.com thinks he is
> > responsible/authoritative for the whole example.com he would also try to
> > handle requests for sub.example.com.
> >
> > You have to tell the DNS server explicitly that there is another DNS
> > server for sub.example.com by calling:
> >
> > ipa dnsrecord-add example.com subdns --a-ip-address=1.2.3.4
> > ipa dnsrecord-add example.com sub --ns-hostname=subdns
> >
> > Please note that the DNS server for sub.example.com is now called
> > 'subdns.example.com' since a name from the example.com domain is needed
> > because otherwise the name cannot be resolved.
> >
> > HTH
> >
> > bye,
> > Sumit
> >
> >>
> >> I'm not sure if this is an IPA or a DNS issue..
> >>
> >> Fred
>
> Hello,
>
> please don't use forwarders, just create a NS+A record pair for
> "sub.example.com" domain in IPA DNS as Sumit wrote above.
>
> Current version seems to have some problems with forwarders, I will
> investigate it.
>
> Configurations with forwarders are often confusing, please don't use them
> if it is not necessary.
>
> --
> Petr^2 Spacek
>
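The delegation behaviour Sumit describes, as an added Python sketch that is not part of the original thread and is not BIND or FreeIPA code: a toy authoritative lookup for example.com that answers NXDOMAIN for client.sub.example.com until an NS record creates a zone cut at sub.example.com. The function name `lookup`, the zone dictionaries and the 192.0.2.x addresses are constructed for the example; the other names and 1.2.3.4 are the thread's placeholders.

```python
# Toy model of how an authoritative server answers an A query for one zone.
# Assumption: simplified logic for illustration (no wildcards, CNAMEs or DNSSEC).

def lookup(zone, apex, qname):
    """Return (status, data). zone maps owner name -> {rtype: [values]}."""
    if qname != apex and not qname.endswith("." + apex):
        return ("REFUSED", [])                 # name is outside this zone
    # Labels below the apex, e.g. "client.sub" -> ["client", "sub"].
    labels = qname[: -len(apex)].rstrip(".").split(".") if qname != apex else []
    owner = apex
    # Walk downwards from the apex; the first NS set below it is a zone cut.
    for label in reversed(labels):
        owner = label + "." + owner
        ns = zone.get(owner, {}).get("NS")
        if ns:
            # Glue: addresses of the child's name servers, taken from the parent.
            glue = {host: zone.get(host, {}).get("A", []) for host in ns}
            return ("REFERRAL", {"cut": owner, "ns": ns, "glue": glue})
    if qname in zone:
        addrs = zone[qname].get("A", [])
        return ("NOERROR", addrs) if addrs else ("NODATA", [])
    return ("NXDOMAIN", [])                    # authoritative "does not exist"

# Constructed zone data: example.com before the delegation was added.
BEFORE = {
    "example.com": {"NS": ["ipa.example.com"]},
    "ipa.example.com": {"A": ["192.0.2.10"]},
    "client.example.com": {"A": ["192.0.2.20"]},
}

# Same zone after the two dnsrecord-add commands quoted in the thread.
AFTER = dict(BEFORE, **{
    "subdns.example.com": {"A": ["1.2.3.4"]},
    "sub.example.com": {"NS": ["subdns.example.com"]},
})

if __name__ == "__main__":
    for label, zone in (("before", BEFORE), ("after", AFTER)):
        print(label, lookup(zone, "example.com", "client.sub.example.com"))
```

An empty glue list for an in-zone name server in the referral corresponds to the case Sumit warns about, where the delegated server's name cannot be resolved.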