On Tue, 2014-04-08 at 16:42 -0500, Justin Brown wrote:
> I'm sure that I'm doing this very wrong, but I'm wondering if anyone
> can offer any solutions.
>
> I currently have a relatively small domain that's used internally.
> Let's say fandingo.org. This domain covers various class C networks on
> 192.168.0.0/16. Currently, there's an Active Directory server that
> provides internal (and forwarding) DNS for fandingo.org. I'm in the
> experimentation phase with FreeIPA in this environment and don't want
> to modify anything outside of FreeIPA for the time being.
>
> FreeIPA is set up with DNS and has the fandingo.org domain controllers
> set up as forwarders. I have my laptop joined to the FreeIPA domain,
> but that's where the problem starts. I can correctly resolve any
> *.fandingo.org resource in FreeIPA. The problem is that I want to
> resolve *.fandingo.org resources that are defined in the Active
> Directory DNS.
>
> Does anyone know how I can configure FreeIPA/BIND to forward all
> requests (even those for its own domain) that it can't satisfy rather
> than returning NXDOMAIN?

Is FreeIPA shadowing an AD domain? I.e., are the AD domain and FreeIPA domain using the same domain name? That would be bad.

If you want to manage fandingo.org in AD, it would be a better idea to create an ipa.fandingo.org domain for IPA. Then set forwarders *both* ways (or just delegate the domain from AD), to IPA, so all clients, regardless of what DNS server they are using, can resolve both *.fandingo.org hosts (via AD DNS) and *.ipa.fandingo.org hosts (via FreeIPA DNS).

Simo.

--
Simo Sorce * Red Hat, Inc * New York

_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
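
The shadowed layout from the question next to the split layout suggested in the reply, as an added example that is not part of the original thread: a simplified Python model in which a server that is authoritative for a zone answers NXDOMAIN for missing names instead of forwarding. The `Server` class, host names and addresses are constructed for illustration.

```python
# Simplified model of zone selection on a DNS server (constructed example).
class Server:
    def __init__(self, zones, default_forwarder=None):
        self.zones = zones            # {zone: {fqdn: address}} held authoritatively
        self.forwarders = {}          # {zone: Server} per-zone forwarder or delegation
        self.default_forwarder = default_forwarder

    @staticmethod
    def _best(zones, qname):
        """Longest zone name that qname falls under, or None."""
        hits = [z for z in zones if qname == z or qname.endswith("." + z)]
        return max(hits, key=len, default=None)

    def resolve(self, qname):
        auth = self._best(self.zones, qname)
        fwd = self._best(self.forwarders, qname)
        # A more specific forward zone/delegation beats the enclosing zone.
        if fwd and (auth is None or len(fwd) > len(auth)):
            return self.forwarders[fwd].resolve(qname)
        if auth:
            # Authoritative: answer from local data only, never forward.
            return self.zones[auth].get(qname, "NXDOMAIN")
        if self.default_forwarder:
            return self.default_forwarder.resolve(qname)
        return "NXDOMAIN"

AD_RECORDS = {"files.fandingo.org": "192.168.1.20"}   # constructed sample data

def shadowed():
    """Both servers claim fandingo.org; IPA only has AD as a global forwarder."""
    ad = Server({"fandingo.org": dict(AD_RECORDS)})
    ipa = Server({"fandingo.org": {"laptop.fandingo.org": "192.168.2.30"}},
                 default_forwarder=ad)
    return ad, ipa

def split():
    """IPA owns ipa.fandingo.org; AD forwards/delegates that subdomain to IPA."""
    ad = Server({"fandingo.org": dict(AD_RECORDS)})
    ipa = Server({"ipa.fandingo.org": {"laptop.ipa.fandingo.org": "192.168.2.30"}},
                 default_forwarder=ad)
    ad.forwarders["ipa.fandingo.org"] = ipa
    return ad, ipa

if __name__ == "__main__":
    for layout in (shadowed, split):
        ad, ipa = layout()
        print(layout.__name__, "IPA asked for files.fandingo.org ->",
              ipa.resolve("files.fandingo.org"))
```
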
