[Pdns-users] pdns << free-ipa with external dns

Brian Candler b.candler at pobox.com
Thu Feb 23 08:58:18 UTC 2017


On 23/02/2017 03:25, stancs3 wrote:
> I am setting up free-ipa with an *external* dns server,
> ns1.example.com.

You need to step back a bit.

There are two types of DNS server: authoritative and recursive.

In your FreeIPA server, /etc/resolv.conf must point to a *recursive* 
server. But where you store records like "ipa1.ipa.example.com" is an 
*authoritative* server.

Sometimes people combine both functions into the same server (bind does 
this by default).  But it's better to separate them. PowerDNS *forces* 
you to separate them, since there are separate pdns-auth and 
pdns-recursor packages.

So your first question should be: where is the DNS recursor which the 
FreeIPA server will resolve against?

If you have an existing on-site recursor, it's fine to use that. For 
most domains, it will find the authoritative nameservers it needs to 
talk to by following delegations (NS records).

But for 168.192.in-addr.arpa it is impossible to delegate properly, so 
you will need to configure your recursive server to *forward* queries 
for 168.192.in-addr.arpa to the local authoritative nameserver.

Once you've decided whether you're going to build two new nameservers 
(one authoritative and one recursive), or you're going to build 
an authoritative server and re-use your existing recursive server but 
tweak its configuration, we can move on from there.

Regards,

Brian.
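
Added example, not part of the original message: a small Python check that tells the two server types apart from the header flags of a DNS response (RA = recursion available, AA = authoritative answer), so you can confirm that the address in /etc/resolv.conf really is a recursor. The sample packets are constructed, and `probe`, `classify` and the other names are this example's own.

```python
import socket
import struct

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080  # DNS header flag bits

def build_query(name, qtype=12, txid=0x1A2B):
    """Build a DNS query with RD=1 (recursion desired); qtype 12 is PTR."""
    header = struct.pack("!6H", txid, RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", qtype, 1)  # class IN

def classify(response):
    """Return the server's role as shown by the header flags of one response."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    _txid, flags = struct.unpack("!2H", response[:4])
    if not flags & QR:
        raise ValueError("packet is a query, not a response")
    ra, aa = bool(flags & RA), bool(flags & AA)
    if ra and aa:
        return "combined"       # one daemon doing both jobs (name is in its own zone)
    if ra:
        return "recursive"      # suitable for /etc/resolv.conf
    if aa:
        return "authoritative"  # holds the zone, does not resolve other names
    return "no-recursion"       # e.g. REFUSED from an authoritative-only server

def probe(server, name, timeout=2.0):
    """Send one query over UDP to `server` and classify the reply (needs network)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return classify(s.recv(4096))

def _reply(flags):
    # Constructed sample: header-only response carrying the given flag bits.
    return struct.pack("!6H", 0x1A2B, QR | RD | flags, 1, 0, 0, 0)

SAMPLES = {
    "recursor": _reply(RA),
    "auth, own zone": _reply(AA),
    "auth, foreign name": _reply(0x0005),  # RCODE 5 = REFUSED
    "combined": _reply(RA | AA),
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(f"{label:20} -> {classify(pkt)}")
```

For a live check, call `probe()` with the nameserver address and a name from the local zone, such as a PTR name under 168.192.in-addr.arpa; only "recursive" or "combined" servers are usable in /etc/resolv.conf.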
