[Freeipa-users] DNS forwarders

Martin Kosek mkosek at redhat.com
Fri Nov 21 07:24:03 UTC 2014 

IPA does not need to have internet access. But if you want to have the IPA
server time synchronized, it needs to have access to the NTP server of your choice.

Martin

On 11/21/2014 03:00 AM, Rolf Nufable wrote:
> I have a new question ( stupid question really ) 
> is it required for the IPA server to have internet access? cuz thats my only way to get the time right in my freeipa server.. the timedatectl in fedora20 
> while using ntp theres some bugs maybe that every after reboot it doesn't automatically run,( even with chkconfig on , even the ntpdate service doesn't run automatically with chkconfig ) 
> TIA  
> 
>      On Thursday, November 20, 2014 12:34 AM, Martin Kosek <mkosek at redhat.com> wrote:
>    
> 
>  On 11/20/2014 08:10 AM, Rolf Nufable wrote:
>> I've installed freeipa 4.1.1 --setup-dns --no-forwarders so far the installation went well .. but I need to configure freeipa server as a forwarder right?
>> so I used te web UI and added the freeipaserver ip as a forwarder, then I rebooted the freeipa server.
>> after the reboot I couldn't access the web browser. 
>> Any idea on how can I fix this?? 
>> TIA 
>>
>>       On Wednesday, November 19, 2014 7:41 PM, Rolf Nufable <rolf_16_nufable at yahoo.com> wrote:
>>     
>>
>>   I have a quick question Do I need to configure the forwarders of freeipa-server 4.1.1 when doing the freeipa-install-server?
>> I forgot the reason why I don't need to because my email suddenly deleted that message from Martin, and now I can't remember why or how not to include a forwarder, and how to add a forwarder manually.. 
>> TIA
> 
> Forwarders just allows you to configure BIND to forward all requests for zones
> it does not manage to specified name server. Normally, this is not required if
> DNS is set correctly and BIND can simply get results by querying from top "."
> to the required zone (e.g. "example.com.").
> 
> But in internal networks or special deployments, you need to set up the
> forwarders, yes. Just make sure they point to some recursive DNS server. More
> on this topic in this book for example:
> 
> http://www.zytrax.com/books/dns/ch4/
> 
> About your problem - it is probably DNS. Check where your resolv.conf is
> pointing, check if DNS (named service) is running. Check  that IPA is really
> running (ipactl status) and you should find where the problem is.
> 
> Martin
> 
> 
>    
>

More information about the Freeipa-users mailing list