[Freeipa-users] DNS forwarders

Petr Spacek pspacek at redhat.com
Tue Mar 17 13:51:52 UTC 2015


On 17.3.2015 14:06, Martin Basti wrote:
> On 17/03/15 13:32, Roberto Cornacchia wrote:
>> Hi there,
>>
>> I've just installed freeIPA on a FC21 server and am trying to perform some
>> sanity checks.
>>
>> A first puzzle for me is: I have some DNS forwarders, which I selected
>> during installation.
>> They do work and they do appear in /etc/named.conf
>>
>>     forward first;
>>     forwarders {
>>         217.21.244.7;
>>         217.21.244.66;
>>         8.8.8.8;
>>         8.8.4.4;
>>     };
>>
>> However, I don't see them as DNS forwarders in IPA? Should I see them?
>>
>> Roberto
>>
>>
> Hello,
> 
> if you want to see them in IPA, you must add those forwarders with IPA command
> 
> ipa dnsconfig-mod --forwarder=8.8.4.4 --forwarder=8.8.8.8 ...
> or using webUI
> 
> This setting will override configuration of forwarders in named.conf.
> 
> I don't know if there are some historical reasons to configure forwarders only
> in named.conf during installation, do you know Petr?

This is done for practical purposes. In cases where you have multiple IPA
servers scattered across the globe you most likely do not want to use the same
set of forwarders for all IPA DNS servers - usually you want to use the nearest
forwarder possible.

'ipa dnsconfig' is global for the whole cluster, /etc/named.conf is local for
that particular server.

It would be nice to move per-server configuration to LDAP to make it available
via IPA user interface but up to now it did not get priority.

-- 
Petr^2 Spacek
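
Added example, not part of the original thread: since forwarders set at install time live only in each server's /etc/named.conf and are not shown by `ipa dnsconfig-show`, a per-server check has to read the file itself. The function names, the approved list and the sample named.conf below are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit the forwarders that are local to
# one server's named.conf, which the cluster-wide `ipa dnsconfig` does not list.

# Print every address in the first "forwarders { ... };" block of a named.conf.
# Assumes only # and // comments (no /* */) and plain addresses without "port".
named_forwarders() {
    awk '
        { sub(/(#|\/\/).*/, "") }                  # drop trailing comments
        !inblk && /forwarders[ \t]*[{]/ {
            inblk = 1
            sub(/.*forwarders[ \t]*[{]/, "")       # keep only text after the brace
        }
        inblk {
            last = ($0 ~ /[}]/)                    # closing brace ends the block
            sub(/[}].*/, "")
            n = split($0, tok, /[ \t;]+/)
            for (i = 1; i <= n; i++) if (tok[i] != "") print tok[i]
            if (last) exit
        }
    ' "$1"
}

# Print forwarders found in FILE that are not in the approved list (other args).
unexpected_forwarders() {
    file=$1; shift
    for fwd in $(named_forwarders "$file"); do
        ok=no
        for allowed in "$@"; do
            if [ "$fwd" = "$allowed" ]; then ok=yes; fi
        done
        [ "$ok" = yes ] || echo "$fwd"
    done
}

# Constructed sample mirroring the options quoted in the thread.
sample_named_conf() {
    cat <<'EOF'
options {
    directory "/var/named";   // constructed line
    forward first;
    forwarders {
        217.21.244.7;
        217.21.244.66;
        8.8.8.8; 8.8.4.4;     # two entries on one line
    };
};
EOF
}

conf=$(mktemp); sample_named_conf > "$conf"
echo "local forwarders:";      named_forwarders "$conf"
echo "not in approved list:";  unexpected_forwarders "$conf" 217.21.244.7 217.21.244.66
rm -f "$conf"
```

On a real server, pass /etc/named.conf as the file and the site's approved resolvers as the remaining arguments; run it on every replica, because each one has its own file.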



