[Freeipa-users] DNS forwarders

[Roberto Cornacchia]

I see. Peter, Martin, thanks for the explanation. My worry was that
something went wrong in my reinstallation, glad to hear it is not the case.

Roberto
On 17 Mar 2015 14:51, "Petr Spacek" <pspacek at redhat.com> wrote:

> On 17.3.2015 14:06, Martin Basti wrote:
> > On 17/03/15 13:32, Roberto Cornacchia wrote:
> >> Hi there,
> >>
> >> I've just installed freeIPA on a FC21 server and trying to perform some
> >> sanity checks.
> >>
> >> A first puzzle for me is: I have some DNS forwarders, which I selected
> >> during installation.
> >> They do work and they do appear in /etc/named.conf
> >>
> >>       forward first;
> >>         forwarders {
> >> 217.21.244.7;
> >> 217.21.244.66;
> >> 8.8.8.8;
> >> 8.8.4.4;
> >>         };
> >>
> >> However, I don't see them as DNS forwarders in IPA? Should I see them?
> >>
> >> Roberto
> >>
> >>
> > Hello,
> >
> > if you want to see them in IPA, you must add those forwarders with IPA
> command
> >
> > ipa dnsconfig-mod --forwarder=8.8.4.4 --forwarder=8.8.8.8 ...
> > or using webUI
> >
> > This setting will override configuration of forwarders in named.conf.
> >
> > I don't know if there are some historical reasons to configure
> forwarders only
> > in named.conf during installation, do you know Petr?
>
> This is done for practical purposes. In cases where you have multiple IPA
> servers scatted across the globe you most likely do not want to use the
> same
> set of forwarders for all IPA DNS servers - usually you want to use nearest
> forwarder possible.
>
> 'ipa dnsconfig' is global for the whole cluster, /etc/named.conf is local
> for
> that particular server.
>
> It would be nice to move per-server configuration to LDAP to make it
> available
> via IPA user interface but up to know it did not get priority.
>
> --
> Petr^2 Spacek
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150317/722d0efd/attachment.htm>