[Freeipa-users] DNS configuration

Matthew Herzog matthew.herzog at gmail.com
Tue Dec 2 16:28:38 UTC 2014


I just realized that my IPA servers cannot resolve ANY servers in my
domain. What do I need to do to fix this? Below is my named.conf.


// Global server options for this named instance.
options {
        // turns on IPv6 for port 53, IPv4 is on by default for all ifaces
        listen-on-v6 {any;};

        // Put files that named is allowed to write in the data/ directory:
        directory "/var/named"; // the default
        dump-file               "data/cache_dump.db";
        statistics-file         "data/named_stats.txt";
        memstatistics-file      "data/named_mem_stats.txt";

        // Queries this server cannot answer from its own zones go to the
        // forwarders below; "first" means named falls back to its own
        // recursion only if none of them answers.
        forward first;
        forwarders {
                10.100.8.41;
                10.100.8.40;
                10.100.4.13;
                10.100.4.14;
                10.100.4.19;
                10.100.4.44;
        };

        // Any host is permitted to issue recursive queries
        // NOTE(review): with named listening on all interfaces this makes the
        // server an open resolver for every client that can reach port 53,
        // which exposes it to abuse as a DNS amplification reflector and to
        // cache-poisoning attempts. If only internal clients are meant to use
        // it, restrict this to an acl naming those networks plus localhost.
        allow-recursion { any; };

        // Keytab named uses for GSS-TSIG (Kerberos-authenticated) dynamic
        // updates. It holds service keys, so it should be readable only by
        // the account named runs as -- verify ownership and mode.
        tkey-gssapi-keytab "/etc/named.keytab";
        pid-file "/run/named/named.pid";
};

/* If you want to enable debugging, e.g. using the 'rndc trace' command, note that
 * by default, SELinux policy does not allow named to modify the /var/named directory,
 * so put the default debug log file in data/ :
 */
// Logging: a single debug channel written under data/, the directory named
// is allowed to write to.
logging {
        channel default_debug {
                file "data/named.run";
                // "dynamic" follows the server's current debug level, so
                // 'rndc trace' raises the verbosity without a restart.
                severity dynamic;
                print-time yes;
        };
        // NOTE(review): the next "};" has no matching opening brace as posted.
        // If it is also in the file on disk (and not a paste artifact), named
        // would reject the configuration; named-checkconf would report it.
        };
};

// Root hints: tells named where the root name servers are, used when it has
// to recurse on its own rather than through the forwarders.
zone "." IN {
        type hint;
        file "named.ca";
};

// Pulls in further zone definitions from a separate file; its contents are
// not shown in this post.
include "/etc/named.rfc1912.zones";

// LDAP-backed dynamic database: named loads DNS data from the directory
// server through the ldap.so plugin instead of from zone files.
// NOTE(review): the IPA domain's zones presumably come only from here, so if
// the GSSAPI bind below fails, named would have no local data for them --
// check named's log for LDAP/Kerberos errors when names stop resolving.
dynamic-db "ipa" {
        library "ldap.so";
        // ldapi:// = local UNIX socket (URL-encoded path
        // /var/run/slapd-BO3-E-BOZO-COM.socket), so this connection does not
        // cross the network.
        arg "uri ldapi://%2fvar%2frun%2fslapd-BO3-E-BOZO-COM.socket";
        // Subtree of the directory that holds the DNS entries.
        arg "base cn=dns, dc=bo3,dc=e-bozo,dc=com";
        // presumably the primary-server name reported in SOA records -- confirm
        arg "fake_mname freeipa-poc01.bo3.e-bozo.com.";
        // Bind with SASL/GSSAPI (Kerberos) as the DNS/ service principal;
        // no password is stored in this file.
        arg "auth_method sasl";
        arg "sasl_mech GSSAPI";
        arg "sasl_user DNS/freeipa-poc01.bo3.e-bozo.com";
        arg "serial_autoincrement yes";
};





-- 
If life gives you melons, you may be dyslexic.