Hello list :-)
I'm currently working with some VMs in order to replicate a
setup at work for which we want to use freeIPA.
Though I'm familiar with Linux in general, I'm a complete
"newbie" as far as freeIPA is concerned.
Currently I have the following VMs running CentOS 7 in the
network 128.0.208.0/21 <- I assume the netmask is the
problem!
Server IPA1: fully configured with IPA: 128.0.209.91/21
Server IPA2: cloned from IPA1 when IPA software was installed
but not configured: 128.0.209.191/21
Server A-CM: not yet IPA configured, shall be an IPA client
128.0.211.10/21
Server B-CM: not yet IPA configured, shall be an IPA
client 128.0.211.110/21
So I used the following article as reference:
https://blog.christophersmart.com/articles/freeipa-how-to-fedora/
First thing I noticed was that there is no reverse zone
automatically configured:
------------------------------------------------------------------------------
BIND DNS server will be configured to serve IPA domain with:
[...]
Reverse zone(s): No reverse zone
------------------------------------------------------------------------------
After following the article until the first IPA server was set
up, I noticed that the reverse lookup does not work:
-----------------------------------------------------------------------------
host 128.0.209.91
Host 91.209.0.128.in-addr.arpa. not found: 3(NXDOMAIN)
-----------------------------------------------------------------------------
I logged into the WebUI and tried to create the DNS reverse zone
with CIDR notation "128.0.208.0/21". The zone that was created was
"0.128.in-addr.arpa.", which seems implausible since only
128.0.208.1 - 128.0.215.254 are managed by this DNS server.
Then I stumbled upon this (German) page:
https://translate.google.de/translate?sl=de&tl=en&js=y&prev=_t&hl=de&ie=UTF-8&u=http%3A%2F%2Fwww.denniskoerner.de%2Fblog%2F2012%2F03%2F20%2Fhowto-delegation-von-reverse-dns-bei-cidr-netzen-kleiner-24-nach-rfc-2317%2F&edit-text=&act=url
which stated:
"By the way, the delegation of networks larger than /24 is quite
simple. If, for example, you want to delegate a /22 network, then
you simply delegate the 4 /24 networks that make up the /22
network."
After removing the "0.128.in-addr.arpa." entry I
tried to create the reverse zone for "128.0.208.0/24" up
to "128.0.215.0/24" but freeIPA claimed that those would
already exist.
Basically I hope that someone could help me out with the
following questions:
-----------------------------------------------------------------------------
1) What is the proper way to create a DNS zone (including
reverse zone) for the 128.0.208.0/21 network?
2) How do I list the present zones in order to verify if
"128.0.208.0/24" up to "128.0.215.0/24" really do exist?
(They are not listed in the WebUI)
3) Within the reverse zone "0.128.in-addr.arpa." I needed to
create a PTR entry "91.209" for my server to have "host
128.0.209.91" perform the reverse lookup. Is that the way
it is supposed to be?
4) Any good pointer about setting up / combining this
(freeIPA DNS) with DHCP? (I haven't googled for this, I
must admit. Just thought of this while I was typing. So
feel free to ignore question no. 4 if this is a "dumb"
question and there are obvious results on Google :-) )
PS: I studied https://tools.ietf.org/html/rfc2317 but
cannot figure out how to apply this in my scenario.
Thanks to everybody for their time
reading and answering!
Cheers,
Thorsten
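An added worked example, not part of Thorsten's post and not code from the freeIPA project, that shows the arithmetic behind what he observed. A classic in-addr.arpa zone can only be cut on an octet boundary (/8, /16, /24), so a /21 does not map to a zone of its own: rounding 128.0.208.0/21 down to the enclosing octet boundary gives 128.0.0.0/16, i.e. the "0.128.in-addr.arpa." zone the WebUI created, and a host in that zone gets a two-label PTR owner such as "91.209". Rounding up instead yields the eight /24 zones 208.0.128 ... 215.0.128.in-addr.arpa., which is the approach the quoted German page describes for a /22. The helper that builds ipa CLI commands assumes the standard `ipa dnszone-add`, `ipa dnszone-find` and `ipa dnsrecord-add ... --ptr-rec` invocations; verify them against `ipa dnszone-add --help` on your own server before relying on the exact syntax. The hostnames and addresses are the ones from the post.

```python
import ipaddress

def _arpa(labels):
    """Join reversed octet labels into a fully qualified in-addr.arpa zone name."""
    return ".".join(list(labels) + ["in-addr", "arpa", ""])

def enclosing_octet_zone(cidr):
    """Zone you get by rounding the prefix DOWN to an octet boundary.

    This is what a /21 collapses to: 128.0.208.0/21 -> 0.128.in-addr.arpa.
    (the whole 128.0.0.0/16), far more than the server actually manages."""
    net = ipaddress.ip_network(cidr, strict=True)
    n = net.prefixlen // 8
    octets = str(net.network_address).split(".")
    return _arpa(reversed(octets[:n]))

def reverse_zones_for(cidr):
    """Zones you get by rounding the prefix UP to an octet boundary.

    A /21 becomes its eight /24 reverse zones, each covering exactly the
    addresses the server is responsible for. Prefixes longer than /24 would
    need RFC 2317 classless delegation, which this example does not model."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.prefixlen > 24:
        raise ValueError("prefixes longer than /24 need RFC 2317 delegation")
    target = 8 * ((net.prefixlen + 7) // 8)
    zones = []
    for sub in net.subnets(new_prefix=target):
        octets = str(sub.network_address).split(".")
        zones.append(_arpa(reversed(octets[: target // 8])))
    return zones

def ptr_record(ip, zone):
    """(owner name relative to zone, fully qualified owner name) for a PTR.

    With the oversized /16 zone the relative name has two labels ("91.209");
    with a proper /24 zone it is just the last octet ("91")."""
    fqdn = ipaddress.ip_address(ip).reverse_pointer + "."
    if not fqdn.endswith("." + zone):
        raise ValueError(f"{ip} is not inside reverse zone {zone}")
    return fqdn[: -(len(zone) + 1)], fqdn

def ipa_commands(cidr, hosts):
    """Assumed ipa CLI invocations (verify with `ipa ... --help`) that create
    the /24 reverse zones for `cidr` and a PTR per (ip, fqdn) in `hosts`."""
    cmds = [f"ipa dnszone-add {zone}" for zone in reverse_zones_for(cidr)]
    for ip, fqdn in hosts:
        zone = next(z for z in reverse_zones_for(cidr)
                    if (ipaddress.ip_address(ip).reverse_pointer + ".").endswith("." + z))
        rel, _ = ptr_record(ip, zone)
        cmds.append(f"ipa dnsrecord-add {zone} {rel} --ptr-rec={fqdn}")
    cmds.append("ipa dnszone-find")  # list the zones afterwards to verify
    return cmds

if __name__ == "__main__":
    # Constructed sample data: the network and hosts from the post.
    hosts = [("128.0.209.91", "ipa1.example.test."),    # hostnames assumed
             ("128.0.211.10", "a-cm.example.test.")]
    print("rounded down:", enclosing_octet_zone("128.0.208.0/21"))
    print("rounded up:  ", reverse_zones_for("128.0.208.0/21"))
    print(ptr_record("128.0.209.91", "0.128.in-addr.arpa."))
    print(ptr_record("128.0.209.91", "209.0.128.in-addr.arpa."))
    for c in ipa_commands("128.0.208.0/21", hosts):
        print(c)
```

Running the block reproduces both observations from the post: the down-rounded zone is "0.128.in-addr.arpa." and the PTR owner inside it is "91.209", whereas with per-/24 zones the PTR owner is the single label "91". When the WebUI or CLI reports that a /24 reverse zone "already exists", `ipa dnszone-find` is the quickest way to see which zone names are actually present and whether the oversized /16 zone was fully removed first.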