[Freeipa-users] DNS forwarder "first" does not fallback to local

Petr Spacek pspacek at redhat.com
Mon Jun 29 11:44:46 UTC 2015


On 29.6.2015 13:16, Matt . wrote:
> Hi,
> 
> The zones are on both servers, just not all records are, this has a
> reason. One server is maintained by a script, the other one only
> forwards to it if needed.
> 
> The idea is that it does a local lookup, when it doesn't find the
> record locally, it forwards to its forwarder to see if it has an
> "answer".
> 
> I thought this was working but isn't and following your table it should.

I'm sorry but I do not understand.

Could you please give us specific examples?
- what data you have in what zones and on what server
- what is your forwarding configuration
- what is the result you get
- what is the expected result

Also, please add output from command:
$ rpm -q bind-dyndb-ldap bind ipa-server

Thanks.

> What are my options?
We will see once I understand your requirement :-)

Petr^2 Spacek

> 2015-06-29 11:20 GMT+02:00 Petr Spacek <pspacek at redhat.com>:
>> On 27.6.2015 19:06, Matt . wrote:
>>> Hi All,
>>>
>>> When I add a forwarder with policy to forward first, there is only
>>> forwarder and not a fallback to local when the record doesn't exist on
>>> the forward server.
>>>
>>> When I remove the forwardserver, the local lookup works great again.
>>>
>>> Is this known to 3.0 servers or has it been a bug or am I doing something wrong?
>>
>> Forwarders in FreeIPA behave in the same way as in BIND 9.9 and the behavior
>> you describe seems to be okay.
>>
>> The behavior is summarized in a nice table here:
>> http://www.freeipa.org/page/V4/Forward_zones#Use_Cases
>>
>> In other words, there is no such thing as 'look into this zone and look into that
>> zone if the first zone does not contain an answer'. Such behavior would break
>> the very basic principle of DNS - division to independent, self-contained
>> zones. What are you trying to achieve? What is the use-case?
>>
>> Please note that in FreeIPA < 4.1 zones with non-empty 'forwarders' attribute
>> were automatically configured as forward zones. The split to pure forward and
>> master zones happened in FreeIPA 4.1.
>>
>> --
>> Petr^2 Spacek

-- 
Petr^2 Spacek
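
A simplified model of the behaviour described in the quoted reply above, added here as an illustration; it is not code from the thread, FreeIPA or BIND. The zone contents, names, addresses and the `resolve` helper are constructed, and delegated sub-zones are ignored.

```python
# Simplified model of the answer-selection behaviour discussed in this thread.
# Zone data, names and addresses below are constructed for illustration.
NXDOMAIN = "NXDOMAIN"
SERVFAIL = "SERVFAIL"
UNREACHABLE = None  # forwarder timed out or returned a server failure


def resolve(qname, zone, forwarder, recurse):
    """Return the answer a server gives for qname inside `zone`.

    zone      -- dict: type ('master' | 'forward'), policy ('first' | 'only'),
                 records (local data, used only by a master zone)
    forwarder -- callable returning an address, NXDOMAIN or UNREACHABLE
    recurse   -- callable doing normal recursion from the DNS root
    """
    if zone["type"] == "master":
        # Authoritative zone: local data is the complete truth for the zone,
        # so a missing name is NXDOMAIN and the forwarder is never asked.
        return zone["records"].get(qname, NXDOMAIN)

    # Forward zone: local records are not consulted at all.
    reply = forwarder(qname)
    if reply is not UNREACHABLE:
        # NXDOMAIN from the forwarder is a valid answer, not a failure.
        return reply
    # Only an unreachable forwarder triggers the "first" fallback, and that
    # fallback is ordinary recursion, not a lookup in local zone data.
    return recurse(qname) if zone["policy"] == "first" else SERVFAIL


# Constructed data: server A holds one record, forwarder B holds another.
LOCAL = {"a.example.test.": "192.0.2.10"}
REMOTE = {"b.example.test.": "192.0.2.20"}

def forwarder_up(qname):
    return REMOTE.get(qname, NXDOMAIN)

def forwarder_down(qname):
    return UNREACHABLE

def public_recursion(qname):
    return NXDOMAIN  # example.test is not delegated in the public tree

MASTER = {"type": "master", "policy": "first", "records": LOCAL}
FORWARD_FIRST = {"type": "forward", "policy": "first", "records": LOCAL}
FORWARD_ONLY = {"type": "forward", "policy": "only", "records": LOCAL}
```

In neither zone type does a name missing on one side get looked up on the other: the master zone answers NXDOMAIN for `b.example.test.`, and the forward zone answers NXDOMAIN for `a.example.test.` even though the record exists locally.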



