[Freeipa-users] reverse lookup dns records in trust setup

Petr Spacek pspacek at redhat.com
Wed Jul 15 15:28:44 UTC 2015


On 14.7.2015 15:19, John Stein wrote:
> Hi,
> 
> What I meant was that the IPA server is managing two zones:
> 
> Linux.john.com
> Which has these records
> Ipa1 A 192.168.0.140
> client1 A 192.168.0.11
> 
> 0.168.192.in-addr.arpa.
> Which has these records
> 11 PTR client1.linux.john.com
> @ NS ipa1.linux.john.com
> 
> In the AD
> forward lookup zones
>> John.com
>>> linux
> (Same as parent folder) NS ipa1.linux.john.com
> 
> Anything more that's unclear?

This is enough.

You have the same 'master' zone configured on IPA and AD, which does not make
sense from a DNS point of view.

You need to move all records to one server and configure a 'forward' zone on the
other server. In AD terminology you need to create a 'conditional forwarder'.

Petr^2 Spacek

> 
> Thank you very much!
> John
> 
> On Tue, Jul 14, 2015, 15:52 Petr Spacek <pspacek at redhat.com> wrote:
> 
>> On 14.7.2015 14:49, John Stein wrote:
>>> I ran the above commands exactly as I told you on the IPA server. I also
>>> set the IPA server as a global forwarder in the AD.
>>>
>>> On Wed, Jul 8, 2015, 12:50 Petr Spacek <pspacek at redhat.com> wrote:
>>>
>>>>> On 5.7.2015 08:38, John Stein wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> I ran these commands in the IdM server
>>>>>>>
>>>>>>> $ ipa dnszone-mod 2.0.192.in-addr.arpa. --update-policy='grant
>> JOHN.COM
>>>>>>> krb5-self * PTR; grant LINUX.JOHN.COM krb5-self * PTR;'
>>>>>>> $ ipa dnszone-mod 2.0.192.in-addr.arpa. --dynamic-update=1
>>>>>>>
>>>>>>> At the Active Directory I have A and PTR records for the IdM
>> server and
>>>>> it
>>>>>>> is configured as a global forwarder.
>>>>>>> At the IdM server there are A and PTR records for both the IdM
>> server and
>>>>>>> another client.
>>
>> Can you explain what you did, exactly? I do not know what 'I have A and PTR
>> records for the IdM server' exactly means. We need to know exactly what you
>> typed in and where you clicked in AD.
>>
>> The original information is not sufficient, that is why I am asking for more
>> details.
>>
>> Petr^2 Spacek
>>
>>>>>>> However this setup does not work.
>>>>>>> From the IdM and linux client every record is resolvable, however
>> from
>>>>> the
>>>>>>> AD only the IdM is resolvable and the client is not.
>>>>>>>
>>>>>>> Maybe there's another thing I need to configure in the AD in order
>> to
>>>>>>> enable forwarding that I'm missing?
>>>>>
>>>>> I'm not sure I understand you.

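The fix Petr describes, as an added example that is not part of the thread (the commands below are not from any participant): keep linux.john.com and 0.168.192.in-addr.arpa authoritative only on the IPA server, and on the AD DNS server replace any duplicate copy of those zones with conditional forwarders pointing at IPA. It assumes the AD server has the DnsServer PowerShell module (Windows Server 2012 or later), that IPA is ipa1 at 192.168.0.140 as in the thread, and that you run it with DNS admin rights on the AD DNS server; removing the 'linux' delegation under john.com is an optional cleanup, since the forwarder makes it redundant.

```powershell
# Added example, not from the thread. Run on the AD DNS server as a DNS admin.
Import-Module DnsServer

$IpaServer = '192.168.0.140'                              # ipa1.linux.john.com, from the thread
$Zones     = @('linux.john.com', '0.168.192.in-addr.arpa') # zones IPA stays authoritative for

# 1. A conditional forwarder cannot coexist with a primary/AD-integrated zone of
#    the same name on this server, so drop any duplicate 'master' copy first.
#    Export its records before removing it if anything AD-only lives there.
foreach ($zone in $Zones) {
    $existing = Get-DnsServerZone -Name $zone -ErrorAction SilentlyContinue
    if ($existing -and $existing.ZoneType -ne 'Forwarder') {
        Write-Host "Removing duplicate $($existing.ZoneType) zone $zone from AD DNS"
        Remove-DnsServerZone -Name $zone -Force
    }
}

# 2. Optional: the thread shows a 'linux' delegation (NS ipa1.linux.john.com)
#    inside john.com. Once the forwarder exists it is redundant; removing it
#    leaves a single resolution path for linux.john.com.
Get-DnsServerResourceRecord -ZoneName 'john.com' -Name 'linux' -RRType NS -ErrorAction SilentlyContinue |
    ForEach-Object { Remove-DnsServerResourceRecord -ZoneName 'john.com' -InputObject $_ -Force }

# 3. Create the conditional forwarders (forward + reverse) towards IPA.
#    Add -ReplicationScope Forest to store them in AD and replicate to all DCs.
foreach ($zone in $Zones) {
    if (-not (Get-DnsServerZone -Name $zone -ErrorAction SilentlyContinue)) {
        Add-DnsServerConditionalForwarderZone -Name $zone -MasterServers $IpaServer -PassThru
    }
}

# 4. Verify from the AD server itself: both the client A record and its PTR
#    must now come back via IPA. -DnsOnly bypasses the local cache and LLMNR.
Resolve-DnsName -Name 'client1.linux.john.com' -Type A   -Server 'localhost' -DnsOnly
Resolve-DnsName -Name '192.168.0.11'           -Type PTR -Server 'localhost' -DnsOnly
```

The same check from a Linux client (`dig @<AD DNS IP> client1.linux.john.com A` and `dig @<AD DNS IP> -x 192.168.0.11`) should return the records IPA holds; if step 4 still fails, confirm that IPA allows recursion or answers authoritatively for the zone from the AD server's address and that no firewall blocks UDP/TCP 53 between the two.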