17.9. Changing Recursive Queries Against Forwarders


The ipa-client-install script sets a configuration statement in the /etc/named.conf file that allows name resolution against hosts that are outside the IdM DNS domain. (This requires that the IdM server be set up with DNS configured and with forwarders configured.) What this means is that any host is permitted to issue recursive queries against configured forwarders.
By default, any host is permitted to issue recursive queries against configured forwarders. The IdM installation script automatically adds a line to the /etc/named.conf file to allow these recursive queries.
        forward first;
        forwarders { 10.16.36.29; };
        allow-recursion { any; };
Copy to Clipboard Toggle word wrap
This behavior can be changed in the allow-recursion statement.
  1. Open the /etc/named.conf file.
  2. Reset the allow-recursion statement. This is set to any by default, which allows all hosts to resolve names against all forwarders.
            forward first;
            forwarders { 10.16.36.29; };
            allow-recursion { any; };
    Copy to Clipboard Toggle word wrap
  3. Restart the named service.
    service named restart
    Copy to Clipboard Toggle word wrap
The name server documentation has more details on editing configuration statements.
Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat