I'm trying to rebuild my home network to make use of FreeIPA to manage some Linux clients. This has all gone well on my main network (192.168.222.0/24) with all clients being able to resolve both internal DNS and external requests for google etc. All clients on that network can SSH (with sudo) using a user I created in FreeIPA.

The issue comes when I try to connect my Wifi network (192.168.30.0/24) to the FreeIPA server. Clients on the Wifi network can only resolve internal DNS. Requests for google.com etc. are ignored. This works fine on my main network.

So from a host on my main 192.168.222.0/24 network:

[root@kvm ~]# dig @auth.brocas.home monitoring.brocas.home +short
192.168.222.130
[root@kvm ~]# dig @auth.brocas.home  google.com +short
172.217.169.78

But on my 192.168.30.0/24 network, no external DNS requests are resolved:

[manjaro-i3 ~]# dig @auth.brocas.home monitoring.brocas.home  +short
192.168.222.130
[manjaro-i3 ~]# dig @auth.brocas.home  google.com +short
[manjaro-i3 ~]# 

Does anyone know why this might be?

Thanks in advance.

1 Answer

Thanks natxo - looks like that was it!

Edited /etc/named/ipa-ext.conf like so:

acl "trusted_network" {
  127.0.0.1;
  192.168.222.0/24;
  192.168.30.0/24;
};

And added the allow-recursion section to /etc/named/ipa-options-ext.conf:

/* turns on IPv6 for port 53, IPv4 is on by default for all ifaces */
listen-on-v6 { any; };

/* dnssec-enable is obsolete and 'yes' by default */
dnssec-validation yes;

allow-recursion { trusted_network; };

Then I just restarted the FreeIPA services:

[root@auth ~]# ipactl restart

Now everything works! Thanks!
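
The following is an added example, not part of the answer above and not FreeIPA or BIND code: it evaluates which clients a flat `acl` / `allow-recursion` snippet lets recurse, using BIND's first-match-wins rule and its documented default of `localnets; localhost;` when `allow-recursion` is unset. The function names are hypothetical, the server is assumed to have an interface only on 192.168.222.0/24, and `localhost` is approximated as loopback addresses.

```python
import ipaddress
import re

# Constructed sample: the acl and allow-recursion lines from the answer, in one string.
NAMED_SNIPPET = '''
acl "trusted_network" { 127.0.0.1; 192.168.222.0/24; 192.168.30.0/24; };
allow-recursion { trusted_network; };
'''
DEFAULT = ["localnets", "localhost"]  # BIND's default when allow-recursion is unset

def elements(body):
    """Split the inside of a { ... } block into its ';'-terminated elements."""
    return [e.strip().strip('"') for e in body.split(";") if e.strip()]

def parse(conf):
    """Return (acls, allow_recursion or None) from flat, non-nested named.conf text."""
    conf = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", conf, flags=re.S)
    acls = {name: elements(body) for name, body in
            re.findall(r'acl\s+"?([\w-]+)"?\s*\{([^{}]*)\}', conf)}
    m = re.search(r"allow-recursion\s*\{([^{}]*)\}", conf)
    return acls, (elements(m.group(1)) if m else None)

def matches(client, elems, acls, localnets):
    """Walk an address match list; True/False on first match, None if nothing matched."""
    ip = ipaddress.ip_address(client)
    for e in elems:
        neg, e = e.startswith("!"), e.lstrip("! ")
        if e in ("any", "none"):
            hit = e == "any"
        elif e == "localhost":
            hit = ip.is_loopback  # approximation: BIND also counts the server's own IPs
        elif e == "localnets":
            hit = any(ip in n for n in localnets)
        elif e in acls:
            hit = matches(client, acls[e], acls, localnets) is True
        else:
            hit = ip in ipaddress.ip_network(e, strict=False)  # ValueError on unknown tokens
        if hit:
            return not neg
    return None

def may_recurse(client, conf, server_nets):
    """True if `client` is allowed recursive queries under `conf`."""
    acls, allow = parse(conf)
    nets = [ipaddress.ip_network(n) for n in server_nets]
    return matches(client, DEFAULT if allow is None else allow, acls, nets) is True

if __name__ == "__main__":
    for conf in ("", NAMED_SNIPPET):  # before and after the change in the answer
        print(may_recurse("192.168.30.15", conf, ["192.168.222.0/24"]))
```

With an empty configuration the Wi-Fi client is outside `localnets` and is refused recursion; with the answer's ACL it is allowed, while addresses outside both listed networks stay refused.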