I'm probably not using the correct terminology, so giving me a starting
point would be great.
FreeIPA is authoritative for / master of 'identity.demarcohome.com'. Our
common domain is 'demarcohome.com', and a BIND9 server is authoritative
within our internal network for that zone. DiG-ging 'demarcohome.com' shows
it's not authoritative outside our network. If there's a better way to do
this dual / split personality DNS that *is straightforward for a mere
mortal*, please share it.
Otherwise, how do I make FreeIPA respond to queries for '*.demarcohome.com'
records? I've already made a forward zone for 'demarcohome.com' and
populated it with a few records. Querying the ipa server for those records
returns no answer.
I'd show some command line examples, but I'm still working through the ipa
dns commands. Here's a DiG query for a server with a record in zone
'demarcohome.com':
[nick@ipa1 ~]$ dig vcenter.demarcohome.com
; <<>> DiG 9.11.14-RedHat-9.11.14-2.fc31 <<>> vcenter.demarcohome.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 33303
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 789ce7f015d2b67d5abfa8635e42b601057c47bc7fc1b041 (good)
;; QUESTION SECTION:
;vcenter.demarcohome.com. IN A
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Feb 11 09:11:13 EST 2020
;; MSG SIZE rcvd: 80