Change DNS A record of forward-zone

UCS - Univention Corporate Server
#1

So I have installed UCS and have configured it as my primary domain controller with my domain.

I have registered my own public domain name, lets call it ‘example.com’, which I use to host my ucs and nextcloud server. I thought it would be a cool idea to also use this name for my local domain. Usually you would call your local domain something like ‘example.local’, but I didnt, I used ‘example.com’ for my local domain. This shouldnt be a problem as long as I own this domain name.

my local ucs server behind my NAT router:

ip: 10.11.0.24
fqdn: ucs.example .com

The default dns forward zone looks like this:

root@ucs:~# udm dns/forward_zone list

DN: zoneName=example .com,cn=dns,dc=example,dc=com
a: 10.11.0.24
contact: root@example .com.
expire: 7 days
nameserver: ucs.example .com.
refresh: 8 hours
retry: 2 hours
serial: 51
ttl: 3 hours
zone: example .com
zonettl: 3 hours

The a-record of this zone points to 10.11.0.24, which is the static ip of the local interface of my ucs.

I changed the a-record of the forward zone so it points to the ip of my nginx-reverse-proxy, but after some time the old a-record is getting re-added by some ucs automatism.

Question: is there a good reason that this a-record needs to point to the ip of my ucs ? Can i change this a-record to point to a different ip, e.g. to 10.11.0.21 …which is my nginx reverse-proxy ?

1 Like
Joined Ubuntu doesn't update DNS record
#2

Hi,

usually it is not a very good idea to use the same domain name because they have each a different “master” who is the authoritative guy for this zone. Imagine, having a single zone with two authorized masters… no good.
(and indeed, using “.local” is not even better)
Best way is to use your local zone as a subzone of you official one (i.e. “sub.example.com”)
But yes, you will have to reinstall your UCS for this to take place…

/CV

#3

Hey,

thanks for the quick answer ! So the A record of a zone is apparently used to identify the dns by its ip, I see. Thanks.

… almost done reinstalling :slight_smile:

1 Like
#4

I ran into this issue as well. I ended up with two dns A records and odd results on the client side. I ended up just overriding the DNS A record for the domain on my router. All the machines on the local network go through the router for DNS and the router uses my UCS server. I just have the one static entry on my router for the main domain. Everything else just gets forwarded to the UCS DNS server for resolution. Seems to work nicely and UCS stays happy.

Mastodon