[Freeipa-users] DNS question on named.ca

Sean Hogan schogan at us.ibm.com
Tue Oct 18 22:55:52 UTC 2016


Hi all,

   I have a DNS question on how/why my IPA DNS servers are trying to hit
the root DNS internet servers.  My IPA servers are in private networks only
serving DNS for the private domains they manage but recently the network
team indicated they see my ipa IPs trying to hit the outside world.  After
obtaining the logs I noticed they are trying to hit the internet root DNS
servers.  I then tracked down named.ca on the IPAs which correlates to the
IPs the network team is showing.  I then found named.conf references
named.ca for hints.

This is where I imagine it is coming from in named.conf

zone "." IN {
	type hint;
	file "named.ca";
};

Question is how can I stop my IPA DNS servers from trying to hit the
internet root DNS servers?  I was thinking commenting out named.ca in
named.conf but imagine bad things happening.
I guess I could also make a new file for named.ca and reference it in
named.conf...then scp it to the other ipas but no idea as to the syntax
(giving it a shot at bottom of email) or if it can be empty.  Any help is
appreciated.


IPA clients' resolv.conf are set for search domain and the nameserver IPs of
the IPA servers.

Versions:
ipa-server-3.0.0-50.el6.1.x86_64
bind-9.8.2-0.47.rc1.el6.x86_64

Commands used for server install:
 ipa-server-install --setup-dns



Attempt at correct syntax if I need a file with info in it: file named, say,
fakenamed.ca
If my IPA servers are named DNS1  10.10.10.1/2001:7fd::1 and DNS2
10.10.10.2/2001:503:c27::2:30 would this work or is it not even needed?

; OPERATED BY ME
;
.                        3600000      NS    DNS1.
DNS1.      3600000      A     10.10.10.1
DNS1.      3600000      AAAA  2001:7fd::1
;
; OPERATED BY ME
;
.                        3600000      NS    DNS2.
DNS2.      3600000      A     10.10.10.2
DNS2.      3600000      AAAA  2001:503:c27::2:30



Sean Hogan
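
The correlation described in the message above (firewall-log destinations matched against the addresses listed in named.ca), as an added example that is not part of the original post. The hints excerpt, the log lines and their key=value format, and the 2001:db8::2 server address are constructed assumptions.

```python
import ipaddress
import re

# Constructed excerpt in the usual named.ca layout (A and K root entries only).
SAMPLE_HINTS = """\
.                    3600000  NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.  3600000  A     198.41.0.4
A.ROOT-SERVERS.NET.  3600000  AAAA  2001:503:ba3e::2:30
.                    3600000  NS    K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET.  3600000  A     193.0.14.129
K.ROOT-SERVERS.NET.  3600000  AAAA  2001:7fd::1
"""

# Constructed firewall log lines; the key=value format is an assumption.
SAMPLE_LOG = """\
Oct 18 14:02:11 fw1 DENY UDP src=10.10.10.1 sport=53211 dst=198.41.0.4 dport=53
Oct 18 14:02:12 fw1 DENY UDP src=2001:db8::2 sport=40112 dst=2001:7fd:0:0:0:0:0:1 dport=53
Oct 18 14:02:13 fw1 DENY TCP src=10.10.10.1 sport=51000 dst=203.0.113.9 dport=443
Oct 18 14:02:14 fw1 DENY UDP src=10.10.10.77 sport=33333 dst=198.41.0.4 dport=53
"""

LOG_RE = re.compile(r"src=(?P<src>\S+) .*?dst=(?P<dst>\S+) dport=(?P<dport>\d+)")

def hint_addresses(hints_text):
    """Map every A/AAAA address in a hints file to its owner name."""
    addrs = {}
    for line in hints_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop comments, then tokenize
        if len(fields) >= 3 and fields[-2].upper() in ("A", "AAAA"):
            try:
                addrs[ipaddress.ip_address(fields[-1])] = fields[0].rstrip(".").lower()
            except ValueError:
                continue  # malformed address: skip the record
    return addrs

def root_hint_queries(log_text, hints, dns_servers):
    """Return (src, dst, hint_name) for port-53 flows from our servers to hint IPs."""
    servers = {ipaddress.ip_address(s) for s in dns_servers}
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m or m["dport"] != "53":
            continue
        try:
            src, dst = ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"])
        except ValueError:
            continue
        # ip_address objects compare by value, so expanded IPv6 forms still match
        if src in servers and dst in hints:
            hits.append((str(src), str(dst), hints[dst]))
    return hits
```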

