Hi Jeremy,
On Fri, Jan 13, 2023 at 4:00 PM Jeremy Tourville via FreeIPA-users <freeipa-users(a)lists.fedorahosted.org> wrote:
> I am following the directions from here:
> Section: 32.6.4. Configuring DNS forwarding in AD
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/...
>
> I get an error message from AD DNS: "The server with this IP Address is
> not authoritative for the required zone"
>
> This error makes me think there is a problem with my IdM DNS server.
> My setup is AD integrated and a one-way trust is established with AD. I
> was able to create a forwarder from IdM to AD without issue.
>
> My domains:
> AD = gsil.mil
> IdM = idm.gsil.mil
You may also take a look at:
https://www.freeipa.org/page/Active_Directory_trust_setup
Search for "If IPA is subdomain of AD", as your IdM domain is a subdomain
of AD. You may need to set an NS record to delegate authoritative answers
from AD DNS to IdM DNS.
Rafael
> I have been reading:
> 86.1. Supported DNS zone types
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/...
> and
> 6.1. The two roles of an IdM DNS server
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/...
> as well as several articles on DNS forwarding vs. DNS delegation for AD.
>
> This is a step that I was able to make work with no issues in a previous
> setup/installation.
>
> Red Hat documentation states:
>
> 86.1. Supported DNS zone types
> "Forward DNS zones
> From the perspective of IdM, forward DNS zones do not contain any
> authoritative data. In fact, a forward "zone" usually only contains two
> pieces of information:
> - A domain name
> - The IP address of a DNS server associated with the domain"
>
> 6.1. The two roles of an IdM DNS server
> By default, the Berkeley Internet Name Domain (BIND) service integrated
> with IdM acts as both an authoritative and a recursive DNS server:
> Authoritative DNS server
> When a DNS client queries a name belonging to a DNS zone for which the
> IdM server is authoritative, BIND replies with data contained in the
> configured zone. Authoritative data always takes precedence over any other
> data.
>
> I am still having some confusion why this is not working. Can someone
> enlighten me?
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
--
Rafael Guterres Jeffman
Senior Software Engineer
FreeIPA - Red Hat
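Added example, not part of the thread and not FreeIPA or Red Hat code: a shell script that reproduces the checks behind Rafael's suggestion with dig. The AD DNS console validates a name server by querying it directly for the child zone, and the error Jeremy quotes is what it reports when that answer does not come back with the authoritative-answer (aa) flag; that reading of the error is my assumption, not something the thread states. The script classifies a dig response as authoritative, forwarded (no aa flag) or failed, and lists the NS records the AD parent zone returns for the child zone, which is empty when no delegation exists. The server addresses 192.0.2.10 (IdM) and 192.0.2.1 (AD), the host names ipa1/ipa2 and the embedded sample dig outputs are constructed for the example; the zone names are the ones from the post.

```shell
#!/usr/bin/env bash
# Added example: check whether an IdM DNS server is authoritative for its
# subzone and whether the AD parent zone delegates to it. Addresses and host
# names below are assumptions for the example, not values from the thread.
IPA_DNS="${IPA_DNS:-192.0.2.10}"      # assumed IdM DNS server
AD_DNS="${AD_DNS:-192.0.2.1}"         # assumed AD DNS server
CHILD_ZONE="${CHILD_ZONE:-idm.gsil.mil}"

# Classify a dig response (captured with +comments) as one of:
#   authoritative      status NOERROR and the 'aa' flag set
#   not-authoritative  NOERROR but no 'aa' flag: a forwarded/recursive answer
#   <RCODE>            any other rcode, e.g. REFUSED or NXDOMAIN
#   NO-RESPONSE        no header at all (timeout, unreachable server)
classify_dig_output() {
  local out="$1" status flags
  status=$(printf '%s\n' "$out" | sed -n 's/.*status: \([A-Z]*\).*/\1/p' | head -n1)
  flags=$(printf '%s\n' "$out" | sed -n 's/^;; flags: \([^;]*\);.*/\1/p' | head -n1)
  if [ "$status" != "NOERROR" ]; then
    printf '%s\n' "${status:-NO-RESPONSE}"
  elif printf ' %s ' "$flags" | grep -q ' aa '; then
    echo authoritative
  else
    echo not-authoritative
  fi
}

# Print the NS targets found in dig answer/authority lines, one per line,
# without the trailing dot. Empty output means no delegation was returned.
delegation_ns_from() {
  printf '%s\n' "$1" | awk '$4 == "NS" { sub(/\.$/, "", $5); print $5 }'
}

# Live check 1: ask the IdM server itself for the SOA of the child zone.
# An authoritative server answers with 'aa' even with recursion disabled.
check_ipa_authoritative() {
  classify_dig_output "$(dig @"$IPA_DNS" "$CHILD_ZONE" SOA +norecurse +noall +comments 2>/dev/null)"
}

# Live check 2: ask the AD server for the child zone's NS records without
# recursion; a delegating parent returns them as a referral (authority section).
check_ad_delegation() {
  delegation_ns_from "$(dig @"$AD_DNS" "$CHILD_ZONE" NS +norecurse +noall +answer +authority 2>/dev/null)"
}

# Constructed sample dig output (not captured from any real server), so the
# parsing can be exercised offline.
SAMPLE_AUTH=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_FWD=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_REFUSED=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4244
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_NS='idm.gsil.mil.	86400	IN	NS	ipa1.idm.gsil.mil.
idm.gsil.mil.	86400	IN	NS	ipa2.idm.gsil.mil.'

# Run the live checks only when asked, so the script can be sourced safely.
if [ "${1:-}" = "--live" ]; then
  echo "IdM server $IPA_DNS, SOA of $CHILD_ZONE: $(check_ipa_authoritative)"
  echo "NS records AD server $AD_DNS returns for $CHILD_ZONE:"
  check_ad_delegation
fi
```

Run it with `--live` once IPA_DNS and AD_DNS point at the real servers. If the first check prints not-authoritative, the IdM server is answering the subzone by forwarding rather than serving it, so look at the zone on the IdM side with `ipa dnszone-show idm.gsil.mil` before touching AD. If the second check prints nothing, the gsil.mil zone in AD has no NS records for idm, which is the delegation Rafael describes; the IdM-to-AD forwarder Jeremy already created does not replace it, because a forwarder only tells IdM where to send gsil.mil queries, and AD still needs to be told where idm.gsil.mil lives.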