[Freeipa-users] DNS configuration for not resolving some addresses

Karl Forner karl.forner at gmail.com
Wed Jul 8 14:28:32 UTC 2015


Okay, but DNS doesn't work in that way. Zone example.test. is
authoritative, so it must contain the record or delegation or NXDOMAIN is
returned. You cannot have multiple authoritative copies of one zone with
different data.

>
> The best solution would be to have only internal.example.test. zone
> managed by IPA, and add delegation to this zone into example.test.
>

Ok I understand. But in this setting, how would I implement the lookup so
that internally, ipa.example.test would resolve to
ipa.internal.example.test (internal IP), and externally to the external IP?

Thanks



>
> Martin
>
> On Wed, Jul 8, 2015 at 4:09 PM, Martin Basti <mbasti at redhat.com> wrote:
>
>>   On 08/07/15 14:26, Karl Forner wrote:
>>
>>    Hello,
>>
>>  When using my freeIPA DNS name server for my domain example.test, I need
>> to exclude some names from the server (to be forwarded to the DNS forwarder,
>> for instance).
>>
>>  For example, I'd like foo.example.test not to be resolved, but forwarded.
>>  How could I implement this?
>>
>>  Thanks.
>>  Karl Forner
>>
>>
>>   Hello,
>>
>> If you plan to forward a whole subzone, you can use forward zones in IPA.
>>
>> example.test -- master zone
>> foo.example.test -- forward zones
>>
>> Which version of IPA do you have?
>> If IPA > 4.0, then you can use the ipa dnsforwardzone-add command.
>> Otherwise, use dnszone-add with the --forwarder option.
>>
>> Do not forget to add proper NS delegation for all sub zones from parent
>> zone.
>> For example: ipa dnsrecord-add example.test. test
>> --ns-rec=ipa.example.test.
>>
>> --
>> Martin Basti
>>
>>
>
>
> --
> Martin Basti
>
>
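
The behaviour discussed in this thread (an authoritative zone returns NXDOMAIN for a missing name unless a delegation or a more specific forward zone covers it), as an added Python illustration that is not part of the original messages and is not FreeIPA or BIND code. The `resolve` helper, zone contents and IP addresses are constructed for the example; wildcards and CNAMEs are ignored, and so is the parent-zone NS delegation the thread recommends alongside a forward zone.

```python
# Added illustration: simplified model of zone selection on one DNS server.
# Not BIND/FreeIPA code; wildcards, CNAMEs and DNSSEC are ignored.

def labels(name):
    return name.rstrip(".").lower().split(".")

def in_zone(name, zone):
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[-len(z):] == z

def resolve(name, masters, forwards):
    """Return (outcome, detail) for a query name.

    masters:  {zone: {owner_name: {rrtype: [values]}}}  authoritative data
    forwards: {zone: [forwarder_ip, ...]}               forward zones
    """
    candidates = [z for z in list(masters) + list(forwards) if in_zone(name, z)]
    if not candidates:
        return ("NOT_LOCAL", None)       # left to global forwarders/recursion
    zone = max(candidates, key=lambda z: len(labels(z)))  # most specific zone
    if zone in forwards:
        return ("FORWARD", forwards[zone])
    records, n, z = masters[zone], labels(name), labels(zone)
    # Walk down from the apex: NS records below the apex are a delegation.
    for i in range(len(n) - len(z) - 1, -1, -1):
        cut = ".".join(n[i:]) + "."
        if "NS" in records.get(cut, {}):
            return ("REFERRAL", records[cut]["NS"])
    fqdn = ".".join(n) + "."
    if fqdn in records:
        return ("ANSWER", records[fqdn])
    return ("NXDOMAIN", zone)            # authoritative: name does not exist

# Constructed sample data (documentation IP ranges, hypothetical host names).
MASTERS = {"example.test.": {
    "example.test.": {"NS": ["ipa.example.test."]},
    "ipa.example.test.": {"A": ["192.0.2.10"]},
    "internal.example.test.": {"NS": ["ns.internal.example.test."]},
}}
FORWARDS = {"foo.example.test.": ["198.51.100.53"]}

if __name__ == "__main__":
    for q in ("ipa.example.test.", "bar.example.test.", "foo.example.test.",
              "www.foo.example.test.", "ipa.internal.example.test."):
        print(q, resolve(q, MASTERS, FORWARDS))
```
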