Hm... I think my question was not clear, therefore I'll try to repeat it with a better
description.
Therefore I simply take an example from Pi-hole directly: "Pi-hole as All-Around DNS
Solution" (https://docs.pi-hole.net/guides/unbound/)
This means that basically this procedure should work with Pi-hole + FreeIPA.
1. My client asks the Pi-hole: Who is pi-hole.net? (or any other external domain)
2. My Pi-hole will check its cache and reply if the answer is already known.
3. My Pi-hole will check the blocking lists and reply if the domain is blocked.
4. Since neither 2. nor 3. is true in our example, the Pi-hole delegates the request to
the (local) recursive DNS resolver.
5. My recursive server will send a query to the DNS root servers: "Who is handling
.net?"
6. The root server answers with a referral to the TLD servers for .net.
7. My recursive server will send a query to one of the TLD DNS servers for .net: "Who
is handling pi-hole.net?"
8. The TLD server answers with a referral to the authoritative name servers for
pi-hole.net.
9. My recursive server will send a query to the authoritative name servers: "What is
the IP of pi-hole.net?"
10. The authoritative server will answer with the IP address of the domain
pi-hole.net.
11. My recursive server will send the reply to your Pi-hole which will, in turn, reply to
your client and tell it the answer of its request.
12. Lastly, your Pi-hole will save the answer in its cache to be able to respond faster if
any of your clients queries the same domain again.
So, based on this procedure, can I use FreeIPA's DNS server "bind" as
the recursive server for Pi-hole?
THX
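
The lookup order in steps 1 to 12 above, as an added example that is not part of the original post and is not Pi-hole, unbound or BIND code. It is a simplified Python model: the `SERVERS` delegation table, the class names, the `0.0.0.0` sinkhole reply and all addresses are constructed assumptions.

```python
# Constructed delegation data (not real DNS): server -> {zone: (kind, value)}.
# 192.0.2.10 is a documentation-range sample address.
SERVERS = {
    "root": {"net": ("referral", "tld-net")},
    "tld-net": {"pi-hole.net": ("referral", "auth-pi-hole")},
    "auth-pi-hole": {"pi-hole.net": ("answer", "192.0.2.10")},
}


class RecursiveResolver:
    """Steps 5-10: walk root -> TLD -> authoritative by following referrals."""

    def __init__(self, servers):
        self.servers = servers
        self.trace = []  # servers asked, in order

    def resolve(self, name):
        labels = name.split(".")
        suffixes = [".".join(labels[i:]) for i in range(len(labels))]
        server = "root"
        for _ in range(len(labels) + 1):  # bounded, so a referral loop cannot spin
            self.trace.append(server)
            table = self.servers[server]
            zone = next((s for s in suffixes if s in table), None)  # longest match
            if zone is None:
                return None  # no delegation known: treated as "no answer"
            kind, value = table[zone]
            if kind == "answer":
                return value
            server = value
        return None


class Forwarder:
    """Steps 1-4 and 11-12: cache, then blocklist, then the upstream resolver."""

    def __init__(self, upstream, blocklist):
        self.upstream, self.blocklist, self.cache = upstream, set(blocklist), {}

    def query(self, name):
        if name in self.cache:                      # step 2
            return self.cache[name], "cache"
        if name in self.blocklist:                  # step 3
            return "0.0.0.0", "blocked"             # sinkhole address used by this model
        answer = self.upstream.resolve(name)        # steps 4-11
        if answer is not None:
            self.cache[name] = answer               # step 12
        return answer, "recursed"
```

In this model the forwarder only calls `resolve()` on whatever upstream object it is given, and a cached or blocked name never reaches that upstream.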