[Freeipa-users] DNS forwarder "first" does not fallback to local

Petr Spacek pspacek at redhat.com
Tue Jun 30 09:30:28 UTC 2015


On 29.6.2015 18:33, Matt . wrote:
> Hi Petr,
> 
> No problem at all! I can remove/move things easily... but this
> splitbrain really makes these 2 networks standing on their own, which
> is what I need.
> 
> Both are provisioned but not all the same. It gives me the flexibility
> we need, that's why it's not difficult to move, as it's flexible at
> the moment.

Yeah, you can get the most flexibility by using two separate domains for each
network, possibly on two separate servers :-)

Let us know if you need further assistance.

Petr^2 Spacek

> 2015-06-29 18:26 GMT+02:00 Petr Spacek <pspacek at redhat.com>:
>> On 29.6.2015 18:22, Matt . wrote:
>>> Hi,
>>>
>>> Because it can happen that hostnames are used twice, but one for each network.
>>>
>>> This sounds a little bit odd, but it has something to do with hostnames
>>> that are needed, public names and internal names. But as both networks
>>> have their own DNS servers, some records are just not provisioned so
>>> need to be added manually to the non-managed server.
>>
>> Okay, so you basically want 'DNS views'. There is only one piece of advice about
>> that: "Do not do that" :-)
>>
>> I would highly recommend that you read and follow the following articles:
>>
>> http://www.freeipa.org/page/Deployment_Recommendations#DNS
>> http://www.freeipa.org/page/DNS#Internal-only_domains
>>
>> Sure, in an already deployed network it is not easy, but be assured that getting
>> rid of DNS views/split-brain DNS will save you a lot of headaches in the
>> long term.
>>
>> I'm sorry for uncomforting answers...
>>
>> Petr Spacek  @  Red Hat
>>
>>> 2015-06-29 17:11 GMT+02:00 Petr Spacek <pspacek at redhat.com>:
>>>> On 29.6.2015 16:10, Matt . wrote:
>>>>> Hi Petr,
>>>>>
>>>>> Yes I understand why this is "not possible". The idea was to have a
>>>>> managed DNS server from scripting and one for "other usage" by clients
>>>>> who only need to know about the "unknown" records on Server1, this as
>>>>> it should forward most and only do specific local lookups.
>>>>>
>>>>> Your subdomain solution might be something if I want to go this way.
>>>>
>>>> I still do not understand the use case. Why not let scripts modify records
>>>> on one single server?
>>>>
>>>> --
>>>> Petr^2 Spacek



