On 25.2.2015 19:18, Martin Basti wrote: > And I'm not sure if forwarding between 2 authoritative zones with the same > name > will work, because the zone is authoritative on IPA side, so IPA will return > authoritative answer NXDOMAIN and will not try to forward query. > You may need NS delegation to subzone. > > I suggest to create separate zones, there should not be 2 authoritative > servers > with the same zone. > > FYI: Forward zones IPA 4.1: http://www.freeipa.org/page/V4/Forward_zones
Martin is right. Could you clarify what are you trying to achieve? What is the use-case? Maybe we can recommend something for your particular use-case. === Background === You are trying to create 'overlay'/mix records from two authoritative zones together which is not supported by BIND. (After all, term 'authoritative' is used for a reason :-)) If you look at [1] you can see that in all cases the algorithm starts with following two steps: 1. search local database for an authoritative answer 2. if local server is authoritative, return the answer (including NXDOMAIN if DNS name was not found) In practice it means that BIND will never combine local data with data from forwarders. [1] http://www.freeipa.org/page/V4/Forward_zones#Forwarding_policy_in_forward_and_master_zones -- Petr^2 Spacek -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
