[Freeipa-users] DNS forwarder "first" does not fallback to local

Matt . yamakasi.014 at gmail.com
Mon Jun 29 11:16:55 UTC 2015


Hi,

The zones are on both servers, just not all records are, this has a
reason. One server is maintained by a script, the other one only
forwards to it if needed.

The idea is that it does a local lookup, when it doesn't find the
record locally, it forwards to its forwarder to see if it has an
"answer".

I thought this was working but it isn't, and following your table it should.

What are my options?

Thanks,

Matt

2015-06-29 11:20 GMT+02:00 Petr Spacek <pspacek at redhat.com>:
> On 27.6.2015 19:06, Matt . wrote:
>> Hi All,
>>
>> When I add a forwarder with policy to forward first, there is only
>> forwarder and not a fallback to local when the record doesn't exist on
>> the forward server.
>>
>> When I remove the forward server, the local lookup works great again.
>>
>> Is this known to 3.0 servers or has it been a bug or am I doing something wrong?
>
> Forwarders in FreeIPA behave in the same way as in BIND 9.9 and the behavior
> you describe seems to be okay.
>
> The behavior is summarized in a nice table here:
> http://www.freeipa.org/page/V4/Forward_zones#Use_Cases
>
> In other words, there is no such thing as 'look into this zone and look into that
> zone if the first zone does not contain an answer'. Such behavior would break
> the very basic principle of DNS - division to independent, self-contained
> zones. What are you trying to achieve? What is the use-case?
>
> Please note that in FreeIPA < 4.1 zones with non-empty 'forwarders' attribute
> were automatically configured as forward zones. The split to pure forward and
> master zones happened in FreeIPA 4.1.
>
> --
> Petr^2 Spacek
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
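
The behaviour discussed in this thread, as an added example that is not code from either poster or from FreeIPA/BIND: a simplified Python model of which source answers a query for a zone. The zone data, addresses, the `Zone` class and the pseudo-result `RECURSE` are constructed for illustration; delegations below a master zone are not modelled.

```python
from dataclasses import dataclass, field

@dataclass
class Zone:
    records: dict = field(default_factory=dict)   # data held on this server
    forwarders: list = field(default_factory=list)
    kind: str = "master"      # explicit type, used from FreeIPA 4.1 on
    policy: str = "first"     # "first" or "only"

def effective_kind(zone, ipa_before_4_1):
    # Per the thread: before 4.1 a non-empty 'forwarders' attribute
    # turned the zone into a forward zone automatically.
    if ipa_before_4_1:
        return "forward" if zone.forwarders else "master"
    return zone.kind

def resolve(zone, qname, ask_forwarder, ipa_before_4_1=True):
    """Return (rcode, data, source). ask_forwarder returns a
    (rcode, data) tuple, or None when no forwarder replies."""
    if effective_kind(zone, ipa_before_4_1) == "master":
        # Authoritative: local data is the whole zone, nothing is forwarded.
        if qname in zone.records:
            return ("NOERROR", zone.records[qname], "local")
        return ("NXDOMAIN", None, "local")
    reply = ask_forwarder(qname)
    if reply is not None:
        # NXDOMAIN from a forwarder is a final answer, not a failure.
        return (reply[0], reply[1], "forwarder")
    if zone.policy == "first":
        # Fallback means ordinary recursion, never the local copy.
        # "RECURSE" is a placeholder for that step, not a real rcode.
        return ("RECURSE", None, "recursion")
    return ("SERVFAIL", None, "none")

def make_forwarder(records, reachable=True):
    """Build a stand-in forwarder that answers from a dict."""
    def ask(qname):
        if not reachable:
            return None
        if qname in records:
            return ("NOERROR", records[qname])
        return ("NXDOMAIN", None)
    return ask

# Constructed data: each server holds a different part of the same zone.
LOCAL = {"host-a.example.test.": "192.0.2.10"}
REMOTE = {"host-b.example.test.": "192.0.2.20"}
```

With a forwarder set on a pre-4.1 server, `host-a` is answered by the forwarder as NXDOMAIN even though it exists locally; without the forwarder the local record is returned, which matches the symptom reported above.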
