[Freeipa-users] Split Horizon DNS config
Christoph Kaminski
christoph.kaminski at biotronik.com
Tue May 5 05:42:07 UTC 2015
Hi
can someone validate this config for bind + split horizon (only the views
part):
// Address list used to select the "internal" view: IPv4 loopback plus the
// 172.16.0.0/12 private range.
// NOTE(review): ::1 is not listed, so a query arriving over IPv6 loopback would
// not match this ACL - confirm whether named listens on IPv6 at all.
acl internal {
127.0.0.1;
172.16.0.0/12;
};
// View for clients that match the "internal" ACL. named uses the first view
// whose match-clients matches, so this view has to stay ahead of the
// match-clients { any; } view that follows it.
view "internal"
{
match-clients { internal; };
// Recursive service for the clients selected above.
recursion yes;
// Loads the ldap.so dynamic-db plugin under the instance name "ipa"; all of
// its settings are passed as arg strings.
dynamic-db "ipa" {
library "ldap.so";
// ldapi:// URI; %2f is a URL-encoded "/", i.e. /var/run/slapd-HSO.socket.
arg "uri ldapi://%2fvar%2frun%2fslapd-HSO.socket";
arg "base cn=dns, dc=hso";
arg "fake_mname ipa-2.mgmt.hss.int.";
// The plugin authenticates with SASL/GSSAPI as DNS/ipa-2.mgmt.hss.int.
arg "auth_method sasl";
arg "sasl_mech GSSAPI";
arg "sasl_user DNS/ipa-2.mgmt.hss.int";
arg "serial_autoincrement yes";
};
// Root hints for recursion in this view.
zone "." IN {
type hint;
file "named.ca";
};
// Once views are used, zone statements have to live inside a view, so the
// shared include files are pulled in per view.
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
};
// Catch-all view: every client that did not match an earlier view lands here.
view "external"
{
match-clients { any; };
// NOTE(review): recursion is switched on for a view that matches "any" client.
// Who may actually recurse then depends on allow-recursion / allow-query-cache,
// which are not set in this view (the options block is not shown). If untrusted
// networks can reach this listener, confirm those ACLs are not "any", otherwise
// this is an open resolver. Forwarding only applies to recursive queries, so the
// in-addr.arpa forward zone below depends on recursion - restrict who may
// recurse rather than simply turning it off.
recursion yes;
// Statically served copy of mgmt.hss.int for clients of this view.
// NOTE(review): no allow-transfer is set on this zone; confirm the global
// options restrict zone transfers, since a master zone without one falls back
// to the server-wide setting.
zone "mgmt.hss.int" {
type master;
file "mgmt.hss.int.db";
};
// Forwards every in-addr.arpa query (the whole IPv4 reverse tree, not just the
// internal ranges) to 172.16.8.210, with no fallback to iterative resolution.
// NOTE(review): 172.16.8.210 lies inside the "internal" ACL range, so the
// forwarded query is presumably answered by the internal view. Reverse data of
// that view then becomes resolvable for every client of this view - confirm
// that is intended, and consider forwarding only the reverse zones that are
// actually needed.
zone "in-addr.arpa" {
type forward;
forward only;
forwarders { 172.16.8.210; };
};
// Root hints for recursion in this view.
zone "." IN {
type hint;
file "named.ca";
};
// Same include files as in the internal view; zones must be declared per view.
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
};
It works, but it's a slightly unclean hack IMHO. BIND 9.9 in RHEL 7.1
doesn't support 'in-view'; that's the reason why I use the same host, but
with its IP from the internal ACL, here:
// Excerpt of the reverse-lookup forward zone from the "external" view.
// 172.16.8.210 falls inside 172.16.0.0/12, so the forwarded query presumably
// matches the "internal" ACL, provided named sends it from a source address in
// that range - confirm.
zone "in-addr.arpa" {
type forward;
forward only;
forwarders { 172.16.8.210; };
};
Is there anything here that could cause problems?
MfG
Christoph Kaminski