[Freeipa-users] separating authoritative servers from recursive servers

Brendan Kearney bpk678 at gmail.com
Tue Oct 6 01:40:10 UTC 2015


i have two bind instances in somewhat of a multi-master server 
arrangement, where they share the same ldap backend via 
bind-dyndb-ldap.  currently, they are authoritative and recursive 
servers, and i want to change things up a bit.  i want to move the 
recursive function to a third device.  for this, i believe i need to set 
a forwarder for the two current servers.  i believe i would do this by 
adding the idnsForwarders object (with value) on the OU that is the 
idnsConfigObject.

i am looking for a sanity check, to ensure that i am not overlooking 
something important.  are there any steps i am missing?  i want the 
current two instances to be authoritative for all my forward and reverse 
zones, and use the forwarder for all recursion.  the forwarder instance 
is already running, and is set up to answer queries from only the two 
current instances.  i think i just need to point the current instances 
to the forwarder instance, and turn off recursion on them.

thanks in advance,

brendan



