[Freeipa-users] DNS forwarder "first" does not fallback to local

Matt . yamakasi.014 at gmail.com
Mon Jun 29 16:33:30 UTC 2015


Hi Petr,

No problem at all! I can remove/move things easily... but this
split-brain really makes these 2 networks stand on their own, which
is what I need.

Both are provisioned but not all the same. It gives me the flexibility
we need, that's why it's not difficult to move, as it's flexible at
the moment.

Thanks again for the heads up!

Matt

2015-06-29 18:26 GMT+02:00 Petr Spacek <pspacek at redhat.com>:
> On 29.6.2015 18:22, Matt . wrote:
>> Hi,
>>
>> Because it can happen that hostnames are used twice, but one for each network.
>>
>> This sounds a little bit odd, but it has something to do with hostnames
>> that are needed, public names and internal names. But as both networks
>> have their own DNS servers, some records are just not provisioned so
>> need to be added manually to the non-managed server.
>
> Okay, so you basically want 'DNS views'. There is only one piece of advice
> about that: "Do not do that" :-)
>
> I would highly recommend you read and follow the following articles:
>
> http://www.freeipa.org/page/Deployment_Recommendations#DNS
> http://www.freeipa.org/page/DNS#Internal-only_domains
>
> Sure, in an already deployed network it is not easy, but be assured that
> getting rid of DNS views/split-brain DNS will save you a lot of headaches in
> the long term.
>
> I'm sorry for uncomforting answers...
>
> Petr Spacek  @  Red Hat
>
>> 2015-06-29 17:11 GMT+02:00 Petr Spacek <pspacek at redhat.com>:
>>> On 29.6.2015 16:10, Matt . wrote:
>>>> Hi Petr,
>>>>
>>>> Yes I understand why this is "not possible". The idea was to have a
>>>> managed DNS server from scripting and one for "other usage" by clients
>>>> who only need to know about the "unknown" records on Server1, this as
>>>> it should forward most and only do specific local lookups.
>>>>
>>>> Your subdomain solution might be something if I want to go this way.
>>>
>>> I still do not understand the use case. Why not let scripts modify records
>>> on one single server?
>>>
>>> --
>>> Petr^2 Spacek
>



