[Freeipa-users] Windows Server can't use FreeIPA's DNS server

Brian Candler b.candler at pobox.com
Mon Jan 16 17:16:12 UTC 2017


On 16/01/2017 16:37, Raul Dias wrote:
> Did some testing.
>
> From the Windows server, did a port scan on the IPA server (tcp + 
> udp), no blocking between. (tested open).
>
> The IPA has DNSSEC on, but that is for the zones only, right? There is 
> no indication of DNSSEC in the datagrams.
>
You can have a DNSSEC-validating resolver (cache), but you're right, 
you'd see things in the packet (EDNS).

> The Wireshark in the Windows server:
>
Looks like a perfectly good DNS response to me.  Windows is a strange 
beast :-(

Horrible workaround: if you can find a DNS server which Windows likes, 
you can configure that DNS server to forward all the IPA-hosted zones to 
the IPA server.



