https://bugzilla.redhat.com/show_bug.cgi?id=713798
It would be helpful if "allow-recursion { any; };" would be set by default in IPA DNS to allow IPA clients from other subnets to resolve host names correctly.
How to test:
1. install IPA with --setup-dns and defined --forwarder
2. query record not-managed by installed IPA (e.g. www.freeipa.org) from localhost - should pass both with and without the patch
3. query record not-managed by installed IPA from other computer from different subnet - fails without the patch and should pass with the patch
Suggested documentation change:
I suggest adding the following doc to the end of chapter "5.6. DNS" (after the paragraphs about forwarders):
Any host is permitted to issue recursive queries against configured forwarders by default. When required, this behavior can be changed in /etc/named.conf in the "allow-recursion" statement. Please consult name server documentation for details on how to edit the configuration statement.
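An added example, not part of the ticket or of FreeIPA: a small audit helper that reads named.conf text and reports whether the "allow-recursion" statement discussed above is open to any client, limited to a list, or absent. The sample configurations, addresses and the "ipa-clients" ACL name are constructed; only flat lists are handled and named ACLs are not expanded.

```python
import re

# Constructed sample configs (not taken from a real IPA install).
OPEN_CONF = """
options {
    // recursion open to every client, as the ticket requests
    forwarders { 192.0.2.53; };
    allow-recursion { any; };
};
"""
RESTRICTED_CONF = """
acl "ipa-clients" { 10.0.0.0/8; 192.168.10.0/24; };
options {
    forwarders { 192.0.2.53; };
    /* only the listed client networks may recurse */
    allow-recursion { localhost; "ipa-clients"; };
};
"""
UNSET_CONF = "options { forwarders { 192.0.2.53; }; };  # no allow-recursion"

# List elements that match every client address.
OPEN_ELEMENTS = {"any", "0.0.0.0/0", "::/0"}

def strip_comments(text):
    """Remove the three comment styles named.conf accepts."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def recursion_acl(conf_text):
    """Return the allow-recursion elements, or None when the statement is absent."""
    m = re.search(r"\ballow-recursion\s*\{([^{}]*)\}", strip_comments(conf_text))
    if m is None:
        return None
    return [e.strip().strip('"') for e in m.group(1).split(";") if e.strip()]

def classify(conf_text):
    """'open' if any client may recurse, 'restricted' if limited, 'unset' if absent."""
    acl = recursion_acl(conf_text)
    if acl is None:
        return "unset"
    return "open" if OPEN_ELEMENTS & set(acl) else "restricted"

if __name__ == "__main__":
    for name, conf in [("open", OPEN_CONF), ("restricted", RESTRICTED_CONF),
                       ("unset", UNSET_CONF)]:
        print(name, recursion_acl(conf), classify(conf))
```

To audit a real server, pass the contents of /etc/named.conf to `classify()`; an "open" result on a server reachable from untrusted networks is the case where the statement should be narrowed.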
master: 5f4c75e
ipa-2-0: 99669f5
Metadata Update from @rcritten:
- Issue assigned to mkosek
- Issue set to the milestone: FreeIPA 2.1 - 2011/07