freeipa

Clone
Source Code
GIT

#1335 Set allow-recursion by default in IPA DNS
Closed: Fixed None Opened 12 years ago by rcritten.

Closed: Fixed
Reopen Issue

https://bugzilla.redhat.com/show_bug.cgi?id=713798

It would be helpful if "allow-recursion { any; };" would be set by default in
IPA DNS to allow IPA clients from other subnets to resolve host names
correctly.

  1. Set it as default.
  2. Document the setting and how to change it via local files.

How to test:
1. install IPA with --setup-dns and defined --forwarder
2. query record not-managed by installed IPA (e.g. www.freeipa.org) from localhost - should pass both with and without the patch
3. query record not-managed by installed IPA from other computer from different subnet - fails without the patch and should pass with the patch

Suggested documentation change:

I suggest adding the following doc to the end of chapter "5.6.
DNS" (after the paragraphs about forwarders):

Any host is permitted to issue recursive queries against configured
forwarders by default. When required, this behavior can be changed
in /etc/named.conf in "allow-recursion" statement. Please consult name
server documentation for details how to edit the configuration
statement.

master: 5f4c75e

ipa-2-0: 99669f5

Metadata Update from @rcritten:
- Issue assigned to mkosek
- Issue set to the milestone: FreeIPA 2.1 - 2011/07
7 years ago

Login to comment on this ticket.

Metadata
None
None
None
normal
None
None
None
None
defect
None
None
IPA
None
1
None
None
None
None
https://bugzilla.redhat.com/show_bug.cgi?id=713798
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.