Hello list :-)
I'm currently working with some VMs in order to replicate a setup at work for which we want to use freeIPA.
Though I'm familiar with Linux in general, I'm a complete "newbie" as far as freeIPA is concerned.
Currently I have the following VMs running CentOS 7 in the network 128.0.208.0/21 <- I assume the netmask is the problem!
Server IPA1: fully configured with IPA: 128.0.209.91/21
Server IPA2: cloned from IPA1 when IPA software was installed but not configured: 128.0.209.191/21
Server A-CM: not yet IPA configured, shall be an IPA client: 128.0.211.10/21
Server B-CM: not yet IPA configured, shall be an IPA client: 128.0.211.110/21
So I used the following article as reference:
https://blog.christophersmart.com/articles/freeipa-how-to-fedora/
First thing I noticed was that there is no reverse zone automatically configured:
------------------------------------------------------------------------------
BIND DNS server will be configured to serve IPA domain with:
[...]
Reverse zone(s): No reverse zone
------------------------------------------------------------------------------
After following the article until the first IPA server was set up, I noticed that the reverse lookup does not work:
-----------------------------------------------------------------------------
host 128.0.209.91
Host 91.209.0.128.in-addr.arpa. not found: 3(NXDOMAIN)
-----------------------------------------------------------------------------
I logged into the WebUI and tried to create the DNS reverse zone with CIDR notation "128.0.208.0/21". The zone that was created was "0.128.in-addr.arpa.", which seems implausible since only 128.0.208.1 - 128.0.215.254 are managed by this DNS server.
Then I stumbled upon this (German) page: [ https://translate.google.de/translate?sl=de&tl=en&js=y&prev=_t&a... ]
which stated: "By the way, the delegation of networks larger than /24 is quite simple. If, for example, you want to delegate a /22 network, then you simply delegate the 4 /24 networks that make up the /22 network."
After removing the "0.128.in-addr.arpa." entry I tried to create the reverse zone for "128.0.208.0/24" up to "128.0.215.0/24" but freeIPA claimed that those would already exist.
Basically I hope that someone could help me out with the following questions:
-----------------------------------------------------------------------------
1) What is the proper way to create a DNS zone (including reverse zone) for the 128.0.208.0/21 network?
2) How do I list the present zones in order to verify if "128.0.208.0/24" up to "128.0.215.0/24" really do exist? (They are not listed in the WebUI)
3) Within the reverse zone "0.128.in-addr.arpa." I needed to create a PTR entry "91.209" for my server to have "host 128.0.209.91" perform the reverse lookup. Is that the way it is supposed to be?
4) Any good pointer about setting up / combining this (freeIPA DNS) with DHCP? (I haven't googled for this, I must admit. Just thought of this while I was typing. So feel free to ignore question no. 4 if this is a "dumb" question and there are obvious results on google :-)
PS: I studied https://tools.ietf.org/html/rfc2317 but cannot figure out how to apply this in my scenario.
Thanks to everybody for their time reading and answering!
Cheers,
Thorsten
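The zone-boundary arithmetic behind questions 1 and 3 above, as an added illustration that is not part of the original post or of freeIPA: reverse zones are delegated on octet boundaries, so a /21 is covered by eight /24 in-addr.arpa. zones, and a PTR name is relative to whichever zone it lives in. The helper names (`reverse_zones`, `zone_network`, `ptr_owner`) are the example's own, built on the Python standard library's `ipaddress` module.

```python
"""Reverse-zone planning for an IPv4 prefix (example code, not freeIPA's)."""
import ipaddress


def reverse_zones(cidr):
    """Return the classful in-addr.arpa. zone names (trailing dot) covering cidr.

    Prefixes from /8 to /24 are rounded up to the next octet boundary, so a
    /21 yields eight /24 zones. Longer prefixes need RFC 2317 classless
    delegation, which this helper deliberately refuses rather than guessing.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    if not 8 <= net.prefixlen <= 24:
        raise ValueError("only /8 to /24 prefixes map to plain in-addr.arpa zones")
    zone_prefix = -(-net.prefixlen // 8) * 8  # round up to 8, 16 or 24
    zones = []
    for sub in net.subnets(new_prefix=zone_prefix):
        octets = str(sub.network_address).split(".")[: zone_prefix // 8]
        zones.append(".".join(reversed(octets)) + ".in-addr.arpa.")
    return zones


def zone_network(zone):
    """Return the IPv4 network a classful in-addr.arpa. zone is authoritative for.

    Useful as a sanity check: 0.128.in-addr.arpa. is authoritative for all of
    128.0.0.0/16, far more than the /21 actually managed.
    """
    labels = zone.rstrip(".").split(".")
    if labels[-2:] != ["in-addr", "arpa"] or not 1 <= len(labels) - 2 <= 3:
        raise ValueError(f"{zone} is not a classful in-addr.arpa zone")
    octets = list(reversed(labels[:-2]))
    prefix = 8 * len(octets)
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{padded}/{prefix}")


def ptr_owner(ip, zone):
    """Relative owner name of the PTR record for ip inside zone.

    In 209.0.128.in-addr.arpa. the record for 128.0.209.91 is just "91";
    in the /16 zone 0.128.in-addr.arpa. it has to be "91.209".
    """
    fqdn = ipaddress.ip_address(ip).reverse_pointer + "."
    if not fqdn.endswith("." + zone):
        raise ValueError(f"{ip} is not inside {zone}")
    return fqdn[: -len(zone) - 1]


if __name__ == "__main__":
    for z in reverse_zones("128.0.208.0/21"):
        print(f"{z:28} covers {zone_network(z)}")
    print("PTR for 128.0.209.91 in 209.0.128.in-addr.arpa.:",
          ptr_owner("128.0.209.91", "209.0.128.in-addr.arpa."))
```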