It is necessary in cases where:
In that case BIND will forward all queries for 'sub.test.'. This will break DNS if the global forwarder doesn't know zone 'sub.test.'.
It is a usual situation - the global forwarder is a caching DNS server from the ISP, but 'sub.test.' is some internal name.
LDIF for 'parent' IPA server test.ldif
LDIF for 'subordinate' IPA server sub.test.ldif
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=869323
Steps to reproduce:
Dig @server1 for record 'rec.sub.test.' from zone 'sub.test.' (served by server2)
$ dig @server1 rec.sub.test. -t ANY
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 14074
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;rec.sub.test. IN ANY
Resolution failed.
There has to be a way to disable forwarding for zone 'test.'. Atkac and Mkosek agreed on special string "none" in place of forwarder's IP address (idnsForwarders attribute).
Expected behaviour - after writing 'none' to idnsForwarders for zone 'test.' (on server1):
$ dig @server1 rec.sub.test. -t ANY
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25701
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; ANSWER SECTION:
rec.sub.test. 85907 IN TXT "this data came from vm-061"
;; AUTHORITY SECTION:
sub.test. 85907 IN NS ns.sub.test.
;; ADDITIONAL SECTION:
ns.sub.test. 85907 IN A 10.16.78.61
Atkac, Mkosek and I agreed on moving the special "none" string to "idnsForwardPolicy". idnsForwarders will be ignored if "idnsForwardPolicy" is "none".
Fixed by 83c717ff8cfaef700dfea5b75f98f7bcc46973e2
Metadata Update from @pspacek: - Issue assigned to pspacek - Issue set to the milestone: 2.1 plugin bugfix