[Freeipa-users] DNS forwarder "first" does not fallback to local

Matt . yamakasi.014 at gmail.com
Mon Jun 29 12:07:22 UTC 2015


Hi Petr,


Both servers have zone:

domain.tld

Server1 (192.168.1.1) has:

domain.tld
foo A 192.168.1.10
bar A 192.168.1.20


Server2  (192.168.2.1) has:

domain.tld
candy A 192.168.2.100


I have a forward first on Server1 to the IP of Server2

So when my DNS server on my client is 192.168.1.1 and I do an nslookup
candy.domain.tld it should not look up locally but on the forwarder
(Server2). But when I look up foo.domain.tld it should get a reply from
Server1

rpm -q bind-dyndb-ldap bind ipa-server
bind-dyndb-ldap-2.3-6.el6_6.x86_64
bind-9.8.2-0.30.rc1.el6_6.3.x86_64
ipa-server-3.0.0-42.el6.centos.x86_64

It would also be great if this is possible between IPA 3 and 4.

Thanks for your help so far!

Cheers,

Matt

2015-06-29 13:44 GMT+02:00 Petr Spacek <pspacek at redhat.com>:
> On 29.6.2015 13:16, Matt . wrote:
>> Hi,
>>
>> The zones are on both servers, just not all records are, this has a
>> reason. One server is maintained by a script, the other one only
>> forwards to it if needed.
>>
>> The idea is that it does a local lookup; when it doesn't find the
>> record locally, it forwards to its forwarder to see if it has an
>> "answer".
>>
>> I thought this was working but isn't and following your table it should.
>
> I'm sorry but I do not understand.
>
> Could you please give us specific examples?
> - what data you have in what zones and on what server
> - what is your forwarding configuration
> - what is the result you get
> - what is the expected result
>
> Also, please add output from command:
> $ rpm -q bind-dyndb-ldap bind ipa-server
>
> Thanks.
>
>> What are my options ?
> We will see once I understand your requirement :-)
>
> Petr^2 Spacek
>
>> 2015-06-29 11:20 GMT+02:00 Petr Spacek <pspacek at redhat.com>:
>>> On 27.6.2015 19:06, Matt . wrote:
>>>> Hi All,
>>>>
>>>> When I add a forwarder with policy to forward first, there is only a
>>>> forwarder and no fallback to local when the record doesn't exist on
>>>> the forward server.
>>>>
>>>> When I remove the forward server, the local lookup works great again.
>>>>
>>>> Is this known to 3.0 servers or has it been a bug or am I doing something wrong ?
>>>
>>> Forwarders in FreeIPA behave in the same way as in BIND 9.9 and the behavior
>>> you describe seems to be okay.
>>>
>>> The behavior is summarized in a nice table here:
>>> http://www.freeipa.org/page/V4/Forward_zones#Use_Cases
>>>
>>> In other words, there is no thing like 'look into this zone and look into that
>>> zone if the first zone does not contain an answer'. Such behavior would break
>>> the very basic principle of DNS - division into independent, self-contained
>>> zones. What are you trying to achieve? What is the use-case?
>>>
>>> Please note that in FreeIPA < 4.1 zones with non-empty 'forwarders' attribute
>>> were automatically configured as forward zones. The split to pure forward and
>>> master zones happened in FreeIPA 4.1.
>>>
>>> --
>>> Petr^2 Spacek
>
> --
> Petr^2 Spacek
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
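The point Petr makes (a zone with forwarders is a forward zone, and "forward first" only falls back when the forwarder fails to respond, never when it answers NXDOMAIN) is easy to misread. The following is an added toy model, written for this page and not code from FreeIPA or BIND; it encodes my understanding of BIND's `forward first` / `forward only` semantics and uses the constructed zone data from Matt's mail (Server1 holding foo/bar, Server2 holding candy). The `Rcode.TIMEOUT` value, the `via` tag and the choice to let public recursion answer NXDOMAIN for the private `domain.tld` are modelling assumptions, not BIND behaviour taken from the page.

```python
"""Toy model of a BIND-style forward zone, written for this page.

Not FreeIPA or bind-dyndb-ldap code. It models the rule discussed in the
thread: once 'forwarders' is set on domain.tld (a forward zone in FreeIPA
< 4.1), every query for that zone goes to the forwarder, and an NXDOMAIN
from the forwarder is a final answer. Local records are never consulted.
"""
from enum import Enum


class Rcode(Enum):
    NOERROR = "NOERROR"
    NXDOMAIN = "NXDOMAIN"
    SERVFAIL = "SERVFAIL"
    TIMEOUT = "TIMEOUT"   # modelling value: the forwarder never responded


# Constructed zone data from the thread.
SERVER2_ZONE = {"candy.domain.tld": "192.168.2.100"}     # Server2, 192.168.2.1
SERVER1_LOCAL = {"foo.domain.tld": "192.168.1.10",       # Server1, 192.168.1.1
                 "bar.domain.tld": "192.168.1.20"}


def authoritative_lookup(zone, name):
    """An authoritative server answers NOERROR with data or NXDOMAIN."""
    if name in zone:
        return Rcode.NOERROR, zone[name]
    return Rcode.NXDOMAIN, None


def forward_zone_resolve(name, policy, forwarder, recursion):
    """Resolve `name` in a forward zone under policy 'first' or 'only'.

    forwarder: name -> (Rcode, data); the query sent to the forwarder.
    recursion: name -> (Rcode, data); normal recursion from the root,
               which is what BIND does under 'first' when forwarders
               are unusable (SERVFAIL or no response).
    Returns (Rcode, data, via) where via is 'forwarder' or 'recursion'.
    Assumption (BIND semantics): NOERROR and NXDOMAIN from the forwarder
    are real answers and end the lookup; only a failure to answer
    triggers the fallback, and 'only' never falls back at all.
    """
    if policy not in ("first", "only"):
        raise ValueError("policy must be 'first' or 'only'")
    rcode, data = forwarder(name)
    if rcode in (Rcode.NOERROR, Rcode.NXDOMAIN):
        return rcode, data, "forwarder"        # final answer; no local lookup
    if policy == "only":
        return Rcode.SERVFAIL, None, "forwarder"
    rcode, data = recursion(name)              # 'first': forwarder failed
    return rcode, data, "recursion"


def server1_query(name, policy="first", server2_reachable=True):
    """A client using 192.168.1.1; Server1 forwards domain.tld to Server2."""
    def forwarder(n):
        if not server2_reachable:
            return Rcode.TIMEOUT, None
        return authoritative_lookup(SERVER2_ZONE, n)

    def recursion(n):
        # Modelling assumption: domain.tld is private and not delegated, so
        # recursion from the root yields NXDOMAIN. Server1's own records in
        # SERVER1_LOCAL are not on this path: the zone is a forward zone,
        # not a master zone, while 'forwarders' is set.
        return Rcode.NXDOMAIN, None

    return forward_zone_resolve(name, policy, forwarder, recursion)


if __name__ == "__main__":
    for qname in ("candy.domain.tld", "foo.domain.tld"):
        print(qname, server1_query(qname))
    print("foo.domain.tld (Server2 down):",
          server1_query("foo.domain.tld", server2_reachable=False))
    print("foo.domain.tld with forwarder removed:",
          authoritative_lookup(SERVER1_LOCAL, "foo.domain.tld"))
```

Running it reproduces the thread: candy.domain.tld resolves through Server2, foo.domain.tld gets NXDOMAIN from Server2 rather than Server1's own A record, and even with Server2 unreachable the "first" fallback recurses from the root instead of reading Server1's local data. Only removing the forwarder (the last line) makes Server1 answer authoritatively for foo again, which is what Matt observed.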



