[Freeipa-users] DNS zone delegation

Wed, 01 Feb 2012 10:23:15 -0800 

Hi,

I have a dns zone managed by IPA and I'm trying to delegate a zone
managed by Active Directory.

The IPA managed zone is called "corpfbk", and the AD one is
"ad.corpfbk".

I started by adding the proper glue records:

ipa dnsrecord-add corpfbk ns1.ad --a-rec=192.168.3.36
ipa dnsrecord-add corpfbk ns2.ad --a-rec=192.168.3.241

Then I add what I consider should be the zone delegation:

ipa dnsrecord-add corpfbk ad --ns-rec=ns1.ad.corpfbk.,ns2.ad.corpfbk.

Problem is, IPA DNS can't resolve any host in the ad.corpfbk zone,
except ns1 and ns2. Recursion is enabled in named.conf. Dig results:

dig @localhost ad.corpfbk NS +norecurse
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21862
;; flags: qr aa ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 4

;; QUESTION SECTION:
;ad.corpfbk.                    IN      NS

;; ANSWER SECTION:
ad.corpfbk.             86400   IN      NS      ns1.ad.corpfbk.
ad.corpfbk.             86400   IN      NS      ns2.ad.corpfbk.

;; AUTHORITY SECTION:
corpfbk.                86400   IN      NS      ipa01.central.corpfbk.
corpfbk.                86400   IN      NS      ipa02.central.corpfbk.

;; ADDITIONAL SECTION:
ns1.ad.corpfbk. 86400   IN      A       192.168.3.36
ns2.ad.corpfbk. 86400   IN      A       192.168.3.241
ipa01.central.corpfbk.  86400   IN      A       192.168.3.6
ipa02.central.corpfbk.  86400   IN      A       192.168.3.16

It seems to me, and after testing with other non-IPA based DNS servers,
that the response shouldn't have and "Answer section", but it should
have an "authority section" pointing to ad.corpfbk.

I am doing something wrong? Should I file a bug?

Thanks
-- 
Loris Santamaria   linux user #70506   xmpp:[email protected]
Links Global Services, C.A.            http://www.lgs.com.ve
Tel: 0286 952.06.87  Cel: 0414 095.00.10  sip:[email protected]
------------------------------------------------------------
"If I'd asked my customers what they wanted, they'd have said
a faster horse" - Henry Ford

_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to