Hello list :-)

I'm currently working with some VMs in order to replicate a setup at work for which we want to use freeIPA.

Though I'm familiar with Linux in general, I'm a complete "newbie" as far as freeIPA is concerned.


Currently I have the following VMs running CentOS 7 in the network 128.0.208.0/21  <- I assume the netmask is the problem!

Server IPA1: fully configured with IPA: 128.0.209.91/21
Server IPA2: cloned from IPA1 when IPA software was installed but not configured: 128.0.209.191/21

Server A-CM: not yet IPA configured, shall be an IPA client 128.0.211.10/21
Server B-CM: not yet IPA configured, shall be an IPA client 128.0.211.110/21


So I used the following article as reference:

https://blog.christophersmart.com/articles/freeipa-how-to-fedora/

First thing I noticed was that there is no reverse zone automatically configured:

------------------------------------------------------------------------------

BIND DNS server will be configured to serve IPA domain with:
[...]
Reverse zone(s):  No reverse zone
------------------------------------------------------------------------------

After following the article until the first IPA server was set up, I noticed that the reverse lookup does not work:

-----------------------------------------------------------------------------

host 128.0.209.91
Host 91.209.0.128.in-addr.arpa. not found: 3(NXDOMAIN)

-----------------------------------------------------------------------------

I logged into the WebUI and tried to create the DNS reverse zone with CIDR notation "128.0.208.0/21". The zone that was created was "0.128.in-addr.arpa.", which seems implausible since only 128.0.208.1 - 128.0.215.254 are managed by this DNS server.


Then I stumbled upon this (German) page: [ https://translate.google.de/translate?sl=de&tl=en&js=y&prev=_t&hl=de&ie=UTF-8&u=http%3A%2F%2Fwww.denniskoerner.de%2Fblog%2F2012%2F03%2F20%2Fhowto-delegation-von-reverse-dns-bei-cidr-netzen-kleiner-24-nach-rfc-2317%2F&edit-text=&act=url ]

which stated:

"By the way, the delegation of networks larger than /24 is quite simple. If, for example, you want to delegate a /22 network, then you simply delegate the 4 /24 networks that make up the /22 network."


After removing the "0.128.in-addr.arpa." entry I tried to create the reverse zone for "128.0.208.0/24" up to "128.0.215.0/24" but freeIPA claimed that those would already exist.



Basically I hope that someone could help me out with the following questions:
-----------------------------------------------------------------------------


1) What is the proper way to create a DNS zone (including reverse zone) for the 128.0.208.0/21 network?

2) How do I list the present zones in order to verify if "128.0.208.0/24" up to "128.0.215.0/24" really do exist? (They are not listed in the WebUI)

3) Within the reverse zone "0.128.in-addr.arpa." I needed to create a PTR entry "91.209" for my server to have "host 128.0.209.91" perform the reverse lookup. Is that the way it is supposed to be?

4) Any good pointer about setting up / combining this (freeIPA DNS) with DHCP? (I haven't googled for this, I must admit. Just thought of this while I was typing. So feel free to ignore question no. 4 if this is a "dumb" question and there are obvious results on Google :-)


PS: I studied https://tools.ietf.org/html/rfc2317 but cannot figure out how to apply this in my scenario.


Thanks to everybody for their time reading and answering!

Cheers,

Thorsten
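As an added example that is not part of Thorsten's post (and not FreeIPA's own code or API), the Python below, standard library only, maps a CIDR block to the in-addr.arpa zone name(s) that cover it and derives the PTR owner name relative to a given zone: it shows that a /21 needs eight /24 reverse zones, that a zone named "0.128.in-addr.arpa." implies a /16, and why the record in that /16 zone is "91.209" while in "209.0.128.in-addr.arpa." it would be just "91". It generalises beyond the /21 case to other prefix lengths; the "<octet>-<prefixlen>" label used for prefixes longer than /24 is an assumed RFC 2317 style convention, and all function names are the example's own.

```python
import ipaddress

ARPA = ".in-addr.arpa."


def reverse_zones(cidr: str) -> list[str]:
    """in-addr.arpa zone name(s) covering an IPv4 network.

    /8, /16 and /24 map to one classful zone; shorter prefixes are
    split at the next octet boundary (a /21 becomes eight /24 zones);
    longer than /24 gets an RFC 2317 style '<octet>-<prefixlen>' label
    (the label format is an assumed convention, not fixed by the RFC).
    """
    net = ipaddress.IPv4Network(cidr, strict=True)
    octets = str(net.network_address).split(".")
    if net.prefixlen in (8, 16, 24):
        return [".".join(reversed(octets[: net.prefixlen // 8])) + ARPA]
    if net.prefixlen < 24:
        cut = 8 if net.prefixlen < 8 else 16 if net.prefixlen < 16 else 24
        return [z for sub in net.subnets(new_prefix=cut)
                for z in reverse_zones(str(sub))]
    a, b, c, d = octets
    return [f"{d}-{net.prefixlen}.{c}.{b}.{a}" + ARPA]


def zone_prefixlen(zone: str) -> int:
    """Prefix length a classful reverse zone implies ('0.128...' is /16)."""
    labels = zone.rstrip(".").split(".")
    if labels[-2:] != ["in-addr", "arpa"] or len(labels) > 5:
        raise ValueError(f"not a classful in-addr.arpa zone: {zone}")
    return 8 * (len(labels) - 2)


def ptr_name(ip: str) -> str:
    """Fully qualified PTR owner name, e.g. '91.209.0.128.in-addr.arpa.'."""
    return ipaddress.IPv4Address(ip).reverse_pointer + "."


def ptr_label(ip: str, zone: str) -> str:
    """Relative PTR name inside classful `zone`: '91.209' in the /16 zone
    '0.128.in-addr.arpa.', but just '91' in '209.0.128.in-addr.arpa.'."""
    fqdn = ptr_name(ip)
    zone = zone.rstrip(".") + "."
    if not fqdn.endswith("." + zone):
        raise ValueError(f"{ip} is not inside {zone}")
    return fqdn[: -len(zone) - 1]


if __name__ == "__main__":
    print(reverse_zones("128.0.208.0/21"))   # eight /24 zones for the /21
    print(ptr_label("128.0.209.91", "0.128.in-addr.arpa."))  # 91.209
```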