[Freeipa-users] Still unclear about relation between IPA DNS domain and company DNS domain.
Pieter Nagel
pieter at lautus.net
Wed Dec 7 13:33:41 UTC 2016
Thanks, that helps a lot.
Yes and no. What you see with "@ NS ..." is a glue record -- you are
> supposed to have a glue record for IPA domain in the upstream domain,
> this is how domain delegation works in DNS world.
Except what i saw was the other way around. The FreeIPA server has an
NSrecord claiming that it is authoritative the parent domain, but its
parent domain is hosted at dnsmadeeasy:
~ dig @8.8.8.8 -t NS lautus.net
lautus.net. 86399 IN NS ns15.dnsmadeeasy.com.
~ dig @8.8.8.8 -t NS ipa.lautus.net
ipa.lautus.net. 86399 IN NS ipa-hetzner-cpt4-01.lautus.net.
But as far as the FreeIPA DNS is concerned, it is authoritative for
everything:
~ dig @ipa-hetzner-cpt4-01.lautus.net -t NS lautus.net
lautus.net. 86400 IN NS ipa-hetzner-cpt4-01.lautus.net.
~ dig @ipa-hetzner-cpt4-01.lautus.net -t NS ipa.lautus.net
ipa.lautus.net. 86400 IN NS ipa-hetzner-cpt4-01.lautus.net.
--
Pieter Nagel
Lautus Solutions (Pty) Ltd
Building 27, The Woodlands, 20 Woodlands Drive, Woodmead, Gauteng
0832587540
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20161207/e1e94b8f/attachment.htm>
More information about the Freeipa-users
mailing list