I'm probably not using the correct terminology, so giving me a starting
point would be great.

FreeIPA is authoritative for / master of  'identity.demarcohome.com'. Our
common domain is 'demarcohome.com', and a BIND9 server is authoritative
within our internal network for that zone. DiG-ging 'demarcohome.com' shows
it's not authoritative outside our network. If there's a better way to do
this dual / split personality DNS that *is straightforward for a mere
mortal*, please share it.

Otherwise, how do I make FreeIPA respond to queries for '*.demarcohom.com'
records. I've already made a forward zone for 'demarcohome.com' and
populated it with a few records. Querying the ipa server for those records
returns no answer.

I'd show some command line examples, but I'm still working through the ipa
dns commands. Here's a DiG query for a server with a record in zone '
demarcohome.com':

[nick@ipa1 ~]$ dig vcenter.demarcohome.com

; <<>> DiG 9.11.14-RedHat-9.11.14-2.fc31 <<>> vcenter.demarcohome.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 33303
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 789ce7f015d2b67d5abfa8635e42b601057c47bc7fc1b041 (good)
;; QUESTION SECTION:
;vcenter.demarcohome.com.       IN      A

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Feb 11 09:11:13 EST 2020
;; MSG SIZE  rcvd: 80
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org

Reply via email to