Score:0

FreeIPA: External DNS requests (google etc.) fail for clients on new subnet


I'm trying to rebuild my home network to make use of FreeIPA to manage some Linux clients. This has all gone well on my main network (192.168.222.0/24) with all clients being able to resolve both internal DNS and external requests for google etc. All clients on that network can SSH (with sudo) using a user I created in FreeIPA.

The issue comes when I try to connect my Wifi network (192.168.30.0/24) to the FreeIPA server. Clients on the Wifi network can only resolve internal DNS. Requests for google.com etc. are ignored. This works fine on my main network.

So from a host on my main 192.168.222.0/24 network:

[root@kvm ~]# dig @auth.brocas.home monitoring.brocas.home +short
192.168.222.130
[root@kvm ~]# dig @auth.brocas.home  google.com +short
172.217.169.78

But on my 192.168.30.0/24 network, no external DNS requests are resolved:

[manjaro-i3 ~]# dig @auth.brocas.home monitoring.brocas.home  +short
192.168.222.130
[manjaro-i3 ~]# dig @auth.brocas.home  google.com +short
[manjaro-i3 ~]# 

Does anyone know why this might be?

Thanks in advance.

What do the logs in the DNS server tell you? If I recall correctly, the "allow-recursion" directive is set to "localnets; localhost;", so you need to create another trusted network BIND ACL.
Michael Hampton
Can you show your network topology?
Score:0

Thanks natxo - looks like that was it!

Edited /etc/named/ipa-ext.conf like so:

acl "trusted_network" {
  127.0.0.1;
  192.168.222.0/24;
  192.168.30.0/24;
};

And added the allow-recursion section to /etc/named/ipa-options-ext.conf:

/* turns on IPv6 for port 53, IPv4 is on by default for all ifaces */
listen-on-v6 { any; };

/* dnssec-enable is obsolete and 'yes' by default */
dnssec-validation yes;

allow-recursion { trusted_network; };

Then I just restarted the FreeIPA services:

[root@auth ~]# ipactl restart

Now everything works! Thanks!
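
An added example, not part of the original answer or of FreeIPA: a static check of named.conf-style text that reports which client addresses the `allow-recursion` ACL admits and flags `any`, which would turn the server into an open resolver. The function names and the client addresses passed in are assumptions; the sample config is the answer's two edits joined into one constructed string.

```python
import ipaddress
import re

# Constructed sample: the ACL and options from the answer above, in one string.
SAMPLE_CONF = """
acl "trusted_network" {
  127.0.0.1;
  192.168.222.0/24;
  192.168.30.0/24;
};
/* turns on IPv6 for port 53, IPv4 is on by default for all ifaces */
listen-on-v6 { any; };
allow-recursion { trusted_network; };
"""

def _elements(body):
    return [e.strip() for e in body.split(";") if e.strip()]

def parse(conf):
    """Return (named ACLs, allow-recursion elements) from named.conf-style text."""
    text = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)   # block comments
    text = re.sub(r"(//|#).*", "", text)                # line comments
    acls = {n: _elements(b) for n, b in
            re.findall(r'\bacl\s+"?([\w-]+)"?\s*\{([^}]*)\}', text)}
    m = re.search(r"\ballow-recursion\s*\{([^}]*)\}", text)
    # With no directive, BIND falls back to "localnets; localhost;".
    return acls, _elements(m.group(1)) if m else ["localnets", "localhost"]

def expand(elems, acls, seen=()):
    """Resolve elements to networks; collect what cannot be checked statically."""
    nets, unresolved, is_open = [], [], False
    for e in elems:
        if e == "any":
            is_open = True                               # open resolver
        elif e in acls and e not in seen:
            n, u, o = expand(acls[e], acls, seen + (e,))
            nets, unresolved, is_open = nets + n, unresolved + u, is_open or o
        else:
            try:
                nets.append(ipaddress.ip_network(e, strict=False))
            except ValueError:                           # localnets, negations, keys
                unresolved.append(e)
    return nets, unresolved, is_open

def audit(conf, clients):
    acls, elems = parse(conf)
    nets, unresolved, is_open = expand(elems, acls)
    allowed = {c: is_open or any(ipaddress.ip_address(c) in n for n in nets)
               for c in clients}
    return {"open_resolver": is_open, "unresolved": unresolved, "allowed": allowed}
```

Entries listed under `unresolved` (such as `localnets`) depend on the server's own interfaces and have to be checked on the host itself.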
