22nd July, 2023
DNS configuration is probably the easiest and most straightforward thing you can do in FreeIPA. It barely needs an explanation. However, if you are new to DNS configuration, here is a step-by-step guide.
Note: The IPv4 addresses used are private ranges that may or may not be in use elsewhere. The IPv6 examples use the reserved documentation range, 2001:DB8::/32.
Types of DNS Zones
DNS zones are the containers that DNS records are placed in. FreeIPA has three types:
Zones;
Reverse Zones;
Forward Zones.
In the WebGUI: Navigate to Network Services > DNS > DNS Zones
“Zones” is where most records go: A, AAAA, SRV, URI and others.
To add a Zone, click +Add
These are my zones:
Reverse Zones
A reverse zone is where the IPv4 and IPv6 PTR records go. They are used for reverse lookups (which name belongs to 2001:DB8:1234:B010::B, for example).
10.9.0.0/16 and 2001:DB8:1234:9000::/52 are for Public Services
10.10.0.0/16 and 2001:DB8:1234:A000::/52 are for Management
10.11.0.0/16 and 2001:DB8:1234:B000::/52 are for Internal Services
Note: Reverse zone records are mostly optional but can be nice to have.
Regular Zones
I only use the bare domain name bastuklubben.online. I went back and forth on whether I should use subdomains for the internal networks, and finally decided that it just complicates things; it is much easier to type hostnames without them.
Note: DNS architecture is really not something I’m qualified to advise you on. However, in a big enterprise environment I would probably use subdomains like mgmt.bastuklubben.online and so forth.
Forward Zones
Forward zones are used when queries for a specific domain should be sent to designated forwarders instead of the global ones (conditional forwarding), for example a domain served by another organisation's DNS servers. I personally just rely on the configured global forwarders for everything outside my own zones.
Adding Records
When a host is enrolled with ipa-client-install, some special DNS records are added automatically:
I’m no DNS expert, but I know what A, AAAA and PTR records are used for:
A maps a hostname to an IPv4 address
AAAA maps a hostname to an IPv6 address
PTR maps an IPv4 or IPv6 address back to a hostname (reverse lookup)
To add an A or AAAA record for a host, navigate to Network Services > DNS > DNS Zones > your.domain and click +Add.
Note: “Create reverse” only works if the matching reverse zone already exists; otherwise the PTR record is silently not created and you have to add it by hand.
Adding PTR Records
Adding PTR records for reverse lookups is a bit tricky the first time you do it. In a /16 reverse zone you have to write the last 16 bits of the IPv4 address, i.e. the last two octets, in reverse order as the record name. Example from the 9.10.in-addr.arpa zone:
Note: The number of bits you have to write out depends on how you have configured your reverse zones: a /24 zone leaves one octet, a /16 two, a /8 three.
The first PTR record in the list, 66.1, translates into “10.9.1.66 is nextcloud.bastuklubben.online”, and so forth.
Note: It’s recommended to point PTR records only at the FQDN. The FQDN (Fully Qualified Domain Name) is the hostname plus the domain name, written as an absolute name with a trailing dot.
For IPv6 it looks even worse. Because each of my reverse zones is a /52, the remaining 76 bits of the address, i.e. 19 hex nibbles, have to be written one per label in reverse order. Example from the 9.4.3.2.1.8.b.d.0.1.0.0.2.ip6.arpa zone:
The first PTR record in the list, 2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.1.0, translates into “2001:DB8:1234:9011::2 is nextcloud.bastuklubben.online”, and so forth.
Note: There are no IPv4 or IPv6 specific PTR record types. The same record type is used for both IP protocols.
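Because getting the reversed labels right by hand is error-prone, here is an added example (written for this page, not code from the post or from FreeIPA) that derives the reverse zone name and the relative PTR record name from an address and the reverse zone's prefix length, for both IPv4 and IPv6, and prints the `ipa` CLI commands that correspond to the WebGUI clicks. The hostnames, addresses and zone sizes are the ones used above; the script assumes reverse zones on octet/nibble boundaries and does not talk to an IPA server.

```python
"""Added example (not from the post, not FreeIPA's own code).

Given a host address and the prefix length of the reverse zone it belongs
to, compute the reverse zone name FreeIPA expects and the relative record
name you would type into that zone, then print the `ipa` CLI commands that
correspond to the WebGUI steps. Hostnames, addresses and zone sizes are the
ones used in the post; nothing here talks to an IPA server.
"""
import ipaddress


def reverse_zone_and_name(address: str, zone_prefix: int) -> tuple[str, str]:
    """Split the reverse pointer of `address` into (zone, record name).

    zone_prefix is the prefix length of the reverse zone: 16 for
    10.9.0.0/16, 52 for 2001:DB8:1234:9000::/52. Reverse zones sit on
    octet (IPv4) or nibble (IPv6) boundaries, so any other prefix is
    rejected instead of producing a name that matches no zone.
    """
    ip = ipaddress.ip_address(address)
    label_bits = 8 if ip.version == 4 else 4  # one octet vs. one hex nibble per label
    if not 0 < zone_prefix < ip.max_prefixlen or zone_prefix % label_bits:
        raise ValueError(f"/{zone_prefix} is not on a {label_bits}-bit boundary")
    # reverse_pointer already lists the labels least-significant first,
    # e.g. 66.1.9.10.in-addr.arpa or 2.0.0....1.1.0.9.4.3.2.1.8.b.d.0.1.0.0.2.ip6.arpa
    labels = ip.reverse_pointer.split(".")
    host_labels = (ip.max_prefixlen - zone_prefix) // label_bits
    record = ".".join(labels[:host_labels])
    zone = ".".join(labels[host_labels:]) + "."  # absolute name, trailing dot
    return zone, record


def ipa_commands(fqdn: str, address: str, forward_zone: str, zone_prefix: int) -> list[str]:
    """CLI equivalent of the WebGUI clicks for one host.

    The reverse zone is created first, because `--a-create-reverse` /
    `--aaaa-create-reverse` (like the "Create reverse" checkbox) only work
    when the reverse zone already exists. The PTR is added explicitly so
    the computed record name is visible; its target is the FQDN with a
    trailing dot, i.e. an absolute name.
    """
    if not fqdn.endswith("." + forward_zone):
        raise ValueError(f"{fqdn} is not inside zone {forward_zone}")
    host = fqdn[: -len(forward_zone) - 1]
    ip = ipaddress.ip_address(address)
    rzone, rname = reverse_zone_and_name(address, zone_prefix)
    rectype = "a" if ip.version == 4 else "aaaa"
    return [
        f"ipa dnszone-add {rzone}",
        f"ipa dnsrecord-add {forward_zone}. {host} --{rectype}-rec={ip}",
        f"ipa dnsrecord-add {rzone} {rname} --ptr-rec={fqdn}.",
    ]


if __name__ == "__main__":
    # The two nextcloud records from the post, one per address family.
    for addr, prefix in (("10.9.1.66", 16), ("2001:DB8:1234:9011::2", 52)):
        for cmd in ipa_commands("nextcloud.bastuklubben.online", addr, "bastuklubben.online", prefix):
            print(cmd)
```

Running it prints the three commands per address; the IPv6 PTR record name comes out as 2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.1.0 in zone 9.4.3.2.1.8.b.d.0.1.0.0.2.ip6.arpa., which is what the WebGUI example above shows. Passing a prefix such as /20 for IPv4 raises a ValueError rather than producing a record that no zone would serve.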
Conclusion
Creating DNS records is a no-brainer as long as you stick to the regular record types. Here is another good blog post for more information:
https://www.linuxsysadmins.com/creating-dns-zones-and-record-in-ipa-server/