33.2. Supported DNS Zone Types
IdM supports two DNS zone types: master and forward zones.
This guide uses the BIND terminology for zone types which is different from the terminology used for Microsoft Windows DNS. Master zones in BIND serve the same purpose as forward lookup zones and reverse lookup zones in Microsoft Windows DNS. Forward zones in BIND serve the same purpose as conditional forwarders in Microsoft Windows DNS.
- Master DNS zones
- Master DNS zones contain authoritative DNS data and can accept dynamic DNS updates. This behavior is equivalent to the type master setting in standard BIND configuration. Master zones are managed using the ipa dnszone-* commands.
  In compliance with standard DNS rules, every master zone must contain SOA and NS records. IdM generates these records automatically when the DNS zone is created, but the NS records must be manually copied to the parent zone to create proper delegation.
  In accordance with standard BIND behavior, forwarding configuration specified for master zones only affects queries for names for which the server is not authoritative.
  Example 33.1. Example Scenario for DNS Forwarding
  The IdM server contains the test.example. master zone. This zone contains an NS delegation record for the sub.test.example. name. In addition, the test.example. zone is configured with the 192.0.2.254 forwarder IP address.
  A client querying a name in the test.example. zone that does not exist receives the NXDomain answer, and no forwarding occurs because the IdM server is authoritative for this name. On the other hand, a query for the sub.test.example. name is forwarded to the configured forwarder 192.0.2.254 because the IdM server is not authoritative for this name.
- Forward DNS zones
- Forward DNS zones do not contain any authoritative data. All queries for names belonging to a forward DNS zone are forwarded to a specified forwarder. This behavior is equivalent to the type forward setting in standard BIND configuration. Forward zones are managed using the ipa dnsforwardzone-* commands.
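The decision described above (a master zone answers authoritatively, including NXDomain, and forwards only for names below a delegation, while a forward zone forwards everything) can be modelled in a few lines. This is an added illustration, not IdM or BIND code; the zone data is constructed to mirror Example 33.1, and the corp.example. forward zone and its forwarder address are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Zone:
    name: str                      # zone apex as FQDN, e.g. "test.example."
    kind: str                      # "master" or "forward" (BIND terminology)
    forwarders: list = field(default_factory=list)
    records: dict = field(default_factory=dict)  # owner -> {RRTYPE: [rdata]}

def _covers(zone, name):
    return name == zone.name or name.endswith("." + zone.name)

def best_zone(name, zones):
    """Pick the zone with the longest apex that contains the name."""
    hits = [z for z in zones if _covers(z, name)]
    return max(hits, key=lambda z: len(z.name), default=None)

def is_delegated(zone, name):
    """True if an NS record strictly below the apex cuts the name out of this zone."""
    labels = name.rstrip(".").split(".")
    depth = len(labels) - len(zone.name.rstrip(".").split("."))
    for i in range(depth):               # every cut point below the apex
        owner = ".".join(labels[i:]) + "."
        if "NS" in zone.records.get(owner, {}):
            return True
    return False

def resolve(name, qtype, zones):
    """Return (outcome, detail) for a query against the configured zones."""
    name = name.lower() if name.endswith(".") else name.lower() + "."
    zone = best_zone(name, zones)
    if zone is None:
        return ("NOT_COVERED", None)          # global forwarding/recursion, not modelled
    if zone.kind == "forward":
        return ("FORWARD", zone.forwarders)   # forward zones hold no data at all
    if is_delegated(zone, name):
        # Below a delegation the server is not authoritative, so the master
        # zone's forwarders apply (sub.test.example. in Example 33.1).
        return ("FORWARD", zone.forwarders) if zone.forwarders else ("REFERRAL", None)
    rrset = zone.records.get(name, {}).get(qtype)
    if rrset:
        return ("ANSWER", rrset)
    # Authoritative and the name is absent: NXDomain, never forwarded.
    return ("NXDOMAIN", None)

# Constructed zone data: Example 33.1 plus one assumed forward zone.
EXAMPLE_ZONES = [
    Zone("test.example.", "master", ["192.0.2.254"], {
        "test.example.": {"SOA": ["ns.test.example. hostmaster.test.example. 1 3600 900 1209600 3600"],
                          "NS": ["ns.test.example."]},
        "ns.test.example.": {"A": ["192.0.2.1"]},
        "sub.test.example.": {"NS": ["ns.sub.test.example."]},   # delegation point
    }),
    Zone("corp.example.", "forward", ["192.0.2.53"]),
]
```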