[Freeipa-users] Split Horizon DNS on IPA?
Petr Spacek
pspacek at redhat.com
Mon Sep 9 10:26:11 UTC 2013
On 8.9.2013 05:54, Andrew Lau wrote:
> Hi all,
>
> I wasn't able to find much, but is it possible to configure FreeIPA to
> serve as a split horizon DNS server?
>
> I would like the local network to be able to enroll and authenticate
> locally, but at the same time bridge remote clients as well.
>
> Suggestions?
Could you give us more details? We can try to find some solution for your
particular situation.
In general, FreeIPA doesn't support so-called views from BIND9 directly, but
you can use e.g. FreeIPA integrated DNS for internal network (the internal
view) and expose flat zone file for external view.
Example configuration (/etc/named.conf):
view "internal"
{
    /* This view will contain zones you want to serve only to "internal" clients
     * that connect via your directly attached LAN interfaces - "localnets".
     */
    match-clients { localnets; };
    recursion yes;
    dynamic-db "ipa" {
        library "ldap.so";
        arg "uri ldapi://%2fvar%2frun%2fslapd-IPA-TEST.socket";
        arg "base cn=dns, dc=ipa,dc=test";
    };
};

view "external"
{
    /* This view will contain zones you want to serve only to "external" clients
     * whose addresses do not match any view above:
     */
    match-clients { any; };
    recursion no;
    zone "my.external.zone" {
        type master;
        file "my.external.zone.db";
    };
};
Have a nice day.
--
Petr^2 Spacek
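
Added example, not part of the original message and not FreeIPA or BIND code: BIND tries views in the order they appear and uses the first whose match-clients matches, so the split above only works while the catch-all "external" view stays last and keeps recursion off. The sketch below lints a named.conf for those two conditions; parse_views, lint, both sample configurations and the socket path in them are constructed for illustration.

```python
import re

# Constructed sample with the same layout as the configuration in the message.
GOOD = '''
view "internal" {
    match-clients { localnets; }; recursion yes;
    dynamic-db "ipa" { library "ldap.so"; arg "uri ldapi://%2fvar%2frun%2fexample.socket"; };
};
view "external" {
    match-clients { any; }; recursion no;   /* catch-all */
    zone "my.external.zone" { type master; file "my.external.zone.db"; };
};
'''
# Constructed counter-example: catch-all view listed first, recursion left on.
BAD = ('view "external" { match-clients { any; }; recursion yes; };\n'
       'view "internal" { match-clients { localnets; }; recursion yes; };\n')

# Quoted strings are matched first so "ldapi://..." is not mistaken for a // comment.
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)

def parse_views(conf):
    """Return [{name, clients, recursion}] in file order (flat match-clients lists only)."""
    conf = TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else ' ', conf)
    views = []
    for m in re.finditer(r'\bview\s+"([^"]+)"[^{;]*\{', conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):          # walk to the brace closing this view
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        body = conf[m.end():i - 1]
        acl = re.search(r'\bmatch-clients\s*\{([^}]*)\}', body)
        # BIND treats a view without match-clients as matching every client.
        clients = [a.strip() for a in acl.group(1).split(';') if a.strip()] if acl else ['any']
        rec = re.search(r'\brecursion\s+(\w+)\s*;', body)
        views.append({'name': m.group(1), 'clients': clients,
                      'recursion': rec.group(1) if rec else None})
    return views

def lint(conf):
    """Flag catch-all views that shadow later views or leave recursion enabled."""
    views, findings = parse_views(conf), []
    for idx, v in enumerate(views):
        if 'any' in v['clients']:
            later = [x['name'] for x in views[idx + 1:]]
            if later:   # views are tried in file order, first match wins
                findings.append(f"{v['name']}: matches any client, so {', '.join(later)} is never used")
            if v['recursion'] not in ('no', 'false', '0'):
                findings.append(f"{v['name']}: recursion not disabled for arbitrary clients")
    return findings
```

A view with no recursion statement inherits the setting from the options block, so the lint reports it for manual review rather than assuming it is off.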