8.4. Changing Recursive Queries Against Forwarders

The ipa-client-install script sets a configuration statement in the /etc/named.conf file that allows name resolution against hosts that are outside the IPA DNS domain. (This requires that the IPA server be set up with DNS configured and with forwarders configured.) What this means is that any host is permitted to issue recursive queries against configured forwarders.

This behavior can be changed by changed the allow-recursion statement.

Open the /etc/named.conf file.
Reset the allow-recursion statement. This is set to any by default, which allows all hosts to resolve names against all forwarders.
```
        forward first;
        forwarders { 10.16.36.29; };
        allow-recursion { any; };
```
Restart the named service.
```
service named restart
```

The name server documentation has more details on editing configuration statements.