I am following the directions from here:

Section: 32.6.4. Configuring DNS forwarding in AD
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/installing_identity_management/installing-trust-between-idm-and-ad_installing-identity-management#configuring-dns-forwarding-in-ad_configuring-dns-and-realm-settings-for-a-trust

I get an error message from AD DNS:

"The server with this IP Address is not authoritative for the required zone"

This error makes me think there is a problem with my IdM DNS server. My setup is AD integrated and a one way trust is established with AD. I was able to create a forwarder from IdM to AD without issue.

My domains:
AD = gsil.mil
IdM = idm.gsil.mil

I have been reading:

86.1. Supported DNS zone types
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_and_managing_identity_management/managing-dns-zones-in-idm_configuring-and-managing-idm#adding-a-primary-dns-zone-in-idm-web-ui_managing-dns-zones-in-idm

and

6.1. The two roles of an IdM DNS server
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/working_with_dns_in_identity_management/managing-dns-forwarding-in-idm_working-with-dns-in-identity-management#the-two-roles-of-an-idm-dns-server_managing-dns-forwarding-in-idm

as well as several articles on DNS forwarding vs DNS delegation for AD. This is a step that I was able to make work with no issues in a previous setup/installation.

Red Hat documentation states:

86.1 Supported DNS Zone Types

"Forward DNS zones
From the perspective of IdM, forward DNS zones do not contain any authoritative data. In fact, a forward "zone" usually only contains two pieces of information:
- A domain name
- The IP address of a DNS server associated with the domain"

6.1. The two roles of an IdM DNS server

By default, the Berkeley Internet Name Domain (BIND) service integrated with IdM acts as both an authoritative and a recursive DNS server:

Authoritative DNS server
When a DNS client queries a name belonging to a DNS zone for which the IdM server is authoritative, BIND replies with data contained in the configured zone. Authoritative data always takes precedence over any other data.

I am still having some confusion why this is not working. Can someone enlighten me?
