After being added to IPA, hosts lose the Active Directory primary DNS domain. The hosts ask the IPA DNS servers for the AD domain instead of the primary DNS servers, which are the AD servers.
I have two new IPA servers with DNS installed. Neither server has any issue with DNS. I have a problem only on the added hosts.

The main DNS is the AD servers, with the default domain mydomain.local. The newly installed IPA servers have DNS; I chose the domain name lnxmydomain.local. On the AD DNS servers I added my new IPA domain "lnxmydomain.local" to "Conditional Forwarders", with the IP addresses of my IPA servers. There are multiple "Conditional Forwarders", for example myotherdomain.local.

The IPA hosts have the AD DNS servers as their DNS servers. If I look up DNS records in myotherdomain.local, the host asks the AD DNS servers and it works completely without problem. I don't see any requests on the IPA DNS servers.

My issue: if I try to reach anything in mydomain.local from the IPA hosts, it breaks the DNS rule and goes directly to the FreeIPA DNS servers, not to the configured AD DNS servers. In named.log on the IPA server I see this query, and I see that the IPA domain suffix lnxmydomain.local is being added; the complete name is anything.mydomain.local.lnxmydomain.local.

From the IPA host:

    ping: smtp.mydomain.local: Temporary failure in name resolution

From the IPA server named.log:

    10-Dec-2024 11:08:41.659 info: client @0x7fc260cc1558 192.168.1.10#59522 (smtp.mydomain.local.lnxmydomain.local): query: smtp.mydomain.local.lnxmydomain.local IN A +E(0) (192.168.1.60)
    10-Dec-2024 11:08:41.659 info: client @0x7fc250009b78 192.168.1.10#57236 (smtp.mydomain.local.lnxmydomain.local): query: smtp.mydomain.local.lnxmydomain.local IN AAAA +E(0) (192.168.1.60)

How can I avoid breaking the DNS rule, so that the hosts do not contact the IPA DNS servers instead of the configured AD DNS servers?
Host DNS configuration:

    Global
             Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
      resolv.conf mode: stub
    Current DNS Server: 192.168.149.10
           DNS Servers: 192.168.4.53 192.168.149.53 192.168.2.53
            DNS Domain: lnxmydomain.local

DNS Servers: 192.168.4.53 192.168.149.53 192.168.2.53 = AD DNS servers

    package freeipa-server is not installed
    package freeipa-client is not installed
    ipa-server-4.12.2-1.el9.x86_64
    ipa-client-4.12.2-1.el9.x86_64
    389-ds-base-2.5.2-2.el9_5.x86_64
    package pki-ca is not installed
    krb5-server-1.21.1-4.el9_5.x86_64
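
Added example, not part of the original post: a small script that scans named.log for the pattern in the two log lines quoted in the post, where a name from another domain arrives at the IPA server with the IPA zone appended, and reports which clients send such queries. It assumes the query-log layout of those two lines; the function names, the domain list passed in and the third sample line are constructed for illustration.

```python
import re
from collections import Counter

# Layout of the query-log lines quoted in the post (assumed stable).
QUERY_RE = re.compile(
    r"client \S+ (?P<client>[\d.]+)#\d+ \(\S+\): "
    r"query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)

# First two lines are the ones quoted in the post; the third is constructed
# to show an ordinary lookup inside the IPA zone.
SAMPLE_LOG = [
    "10-Dec-2024 11:08:41.659 info: client @0x7fc260cc1558 192.168.1.10#59522 (smtp.mydomain.local.lnxmydomain.local): query: smtp.mydomain.local.lnxmydomain.local IN A +E(0) (192.168.1.60)",
    "10-Dec-2024 11:08:41.659 info: client @0x7fc250009b78 192.168.1.10#57236 (smtp.mydomain.local.lnxmydomain.local): query: smtp.mydomain.local.lnxmydomain.local IN AAAA +E(0) (192.168.1.60)",
    "10-Dec-2024 11:09:02.101 info: client @0x7fc250001111 192.168.1.11#40000 (ipa1.lnxmydomain.local): query: ipa1.lnxmydomain.local IN A +E(0) (192.168.1.60)",
]

def suffixed_queries(log_lines, ipa_zone, other_domains):
    """Return (client, name_without_suffix, qtype) for every query whose name
    is a name in one of other_domains with ipa_zone appended to it."""
    tail = "." + ipa_zone.strip(".").lower()
    domains = [d.strip(".").lower() for d in other_domains]
    hits = []
    for line in log_lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query-log line
        qname = m.group("qname").rstrip(".").lower()
        if not qname.endswith(tail):
            continue
        inner = qname[: -len(tail)]
        # Compare on label boundaries: "lnxmydomain.local" contains the text
        # "mydomain.local" but is not a name inside that domain.
        if any(inner == d or inner.endswith("." + d) for d in domains):
            hits.append((m.group("client"), inner, m.group("qtype")))
    return hits

def per_client(hits):
    """Count suffixed queries per client address."""
    return Counter(client for client, _, _ in hits)

if __name__ == "__main__":
    found = suffixed_queries(SAMPLE_LOG, "lnxmydomain.local",
                             ["mydomain.local", "myotherdomain.local"])
    for client, name, qtype in found:
        print(f"{client} asked for {name} ({qtype}) with the IPA zone appended")
    print(dict(per_client(found)))
```
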