[Freeipa-users] Export DNS to external

Terry Soucy tsoucy at salesforce.com
Tue Jan 28 11:53:44 UTC 2014


A DNS slave here is no different. The slave does not get its
information from IPA. It gets it from a basic zone update from the
master. Configure your slave like you would configure any other DNS
slave.

Terry

Sent from my iPhone
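Terry's advice amounts to a plain BIND secondary pointed at the IPA server. The named.conf below is an added example, not configuration from either poster; the zone names, addresses and the IPA-side `ipa dnszone-mod --allow-transfer` value are assumed, and the zone list is static, so zones added later in IPA must be added here by hand too.

```conf
// Added example: slave-side named.conf for a BIND secondary that pulls zones
// from a FreeIPA DNS master by ordinary AXFR/IXFR, exactly as from any master.
// Assumed values: zone sub.domain.com, IPA master 192.168.0.1, slave 192.168.0.2.
//
// IPA side first: the zone must permit transfers to the slave. Nothing is
// edited in the master's named.conf (bind-dyndb-ldap serves the zone); the
// zone attribute is set through the IPA CLI, e.g.
//   ipa dnszone-mod sub.domain.com. --allow-transfer="192.168.0.2;"

options {
    directory "/var/named";
    // This slave answers queries but never hands the zone on to anyone else.
    allow-transfer { none; };
    // Keep recursion limited to local clients if it must be on at all.
    allow-recursion { 127.0.0.1; 192.168.0.0/24; };
};

zone "sub.domain.com" IN {
    type slave;
    file "slaves/sub.domain.com.zone";
    masters { 192.168.0.1; };
    // Dynamic updates go to the IPA master; a slave zone does not accept them.
};

zone "0.168.192.in-addr.arpa" IN {
    type slave;
    file "slaves/0.168.192.rev";
    masters { 192.168.0.1; };
};

// Check from the slave host that the transfer is permitted and that the SOA
// serial matches the master (serial_autoincrement on the IPA side bumps it):
//   dig @192.168.0.1 sub.domain.com AXFR
//   dig @192.168.0.1 sub.domain.com SOA +short
//   dig @127.0.0.1   sub.domain.com SOA +short
```

If the AXFR check returns "Transfer failed", the IPA zone's allow-transfer list is the first thing to inspect; a refused transfer leaves the slave serving a stale copy or nothing at all.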

> On Jan 28, 2014, at 7:48 AM, "Choudhury, Suhail" <Suhail.Choudhury at bskyb.com> wrote:
>
> Hi,
>
> We are looking at adding redundancy to our IPA setup by using DNS
> servers external to our IPA servers, so in the event of IPA dying we can
> still resolve against these external DNS servers.
>
> So I'm looking at how I can add a server running BIND as a DNS slave.
>
> Normally on a DNS slave we can set something like the following in
> named.conf:
>
> =========================================
>
> // query-source address * port 53;
> allow-transfer {208.99.198.184/32;};
> };
>
> //
> // a caching only nameserver config
> //
>
> controls {
> inet 127.0.0.1 allow { localhost; } keys { rndckey; };
> };
>
> zone "localhost" IN {
> type master;
> file "localhost.zone";
> allow-update { none; };
> };
>
> zone "yourdomain.com" IN {
> type slave;
> file "/var/named/yourdomain.com.zone";
> // allow-update { none; };
> allow-transfer { 192.168.0.1/32; };
> masters { 192.168.0.1; };
> };
>
> zone "0.168.192.in-addr.arpa" IN {
> type slave;
> file "/var/named/0.168.192.rev";
> // allow-update { none; };
> allow-transfer { 192.168.0.1/32; };
> masters { 192.168.0.1; };
> };
>
> =========================================
>
> In the IPA server's named.conf I see DNS entries are loaded up via LDAP:
>
> =========================================
>
> include "/etc/named.rfc1912.zones";
>
> dynamic-db "ipa" {
>        library "ldap.so";
>        arg "uri ldapi://%2fvar%2frun%2fslapd-SUB-DOMAIN-COM.socket";
>        arg "base cn=dns, dc=sub,dc=domain,dc=com";
>        arg "fake_mname ipa01.sub.domain.com.";
>        arg "auth_method sasl";
>        arg "sasl_mech GSSAPI";
>        arg "sasl_user DNS/ipa01.sub.domain.com";
>        arg "zone_refresh 0";
>        arg "psearch yes";
>        arg "connections 4";
>        arg "serial_autoincrement yes";
> };
>
> =========================================
>
> Has anyone successfully pulled DNS zones out of IPA to BIND slaves?
>
> --
> Regards,
> Suhail.
> DevOps(Recs), BSkyB.
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users