[Freeipa-users] FreeIPA 4.2.0 CentOS 7: DNS zone forwarding

[Alexander Bokovoy]

On Fri, 15 Jul 2016, Dan.Finkelstein at high5games.com wrote:
>There was a solution: explicitly disable DNSSEC in /etc/named.conf on
>all IPA masters/replicas and restart the named-pkcs11 service. After
>that, zone forwarding worked as expected.
If your DNS upstreams don't provide DNSSEC, it is enough to disable
dnssec validation in named.conf.

-- 
/ Alexander Bokovoy