I'm probably not using the correct terminology, so giving me a starting point would be great.
FreeIPA is authoritative for / master of 'identity.demarcohome.com'. Our common domain is 'demarcohome.com', and a BIND9 server is authoritative within our internal network for that zone. DiG-ging 'demarcohome.com' shows it's not authoritative outside our network. If there's a better way to do this dual / split personality DNS that *is straightforward for a mere mortal*, please share it. Otherwise, how do I make FreeIPA respond to queries for '*.demarcohom.com' records. I've already made a forward zone for 'demarcohome.com' and populated it with a few records. Querying the ipa server for those records returns no answer. I'd show some command line examples, but I'm still working through the ipa dns commands. Here's a DiG query for a server with a record in zone ' demarcohome.com': [nick@ipa1 ~]$ dig vcenter.demarcohome.com ; <<>> DiG 9.11.14-RedHat-9.11.14-2.fc31 <<>> vcenter.demarcohome.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 33303 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ; COOKIE: 789ce7f015d2b67d5abfa8635e42b601057c47bc7fc1b041 (good) ;; QUESTION SECTION: ;vcenter.demarcohome.com. IN A ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Tue Feb 11 09:11:13 EST 2020 ;; MSG SIZE rcvd: 80
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org