ipa dns forwarders are no longer necessary

Author: Dan Lavu

sssd_test_framework/topology_controllers.py

@@ -277,9 +277,6 @@ def topology_setup(self, client: ClientHost, ipa: IPAHost, trusted: ADHost | Sam
             self.logger.info(f"Topology '{self.name}' is already provisioned")
             return
 
-        # Configure DNS forwarder for AD domain on IPA server
-        self.setup_dns_forwarder(ipa, trusted)
-
         # Create trust
         self.logger.info(f"Establishing trust between {ipa.domain} and {trusted.domain}")
         ipa.kinit()
@@ -293,52 +290,6 @@ def topology_setup(self, client: ClientHost, ipa: IPAHost, trusted: ADHost | Sam
         # Backup so we can restore to this state after each test
         super().topology_setup()
 
-    def setup_dns_forwarder(self, ipa: IPAHost, trusted: ADHost | SambaHost) -> None:
-        """
-        Configure DNS forwarder on IPA server for the trusted AD domain.
-
-        This ensures IPA can resolve the AD domain for trust establishment.
-        """
-        self.logger.info(f"Configuring DNS forwarder for {trusted.domain} on {ipa.hostname}")
-        ipa.kinit()
-
-        # Check if forwarder already exists
-        result = ipa.conn.exec(
-            ["ipa", "dnsforwardzone-show", trusted.domain],
-            raise_on_error=False,
-        )
-
-        if result.rc == 0:
-            self.logger.info(f"DNS forwarder for {trusted.domain} already exists, skipping")
-            return
-
-        # Resolve AD server hostname to IP address (forwarder requires IP)
-        # Use getattr to safely access the host attribute from the connection
-        ad_hostname = getattr(trusted.conn, "host", trusted.hostname)
-        try:
-            ad_ip = socket.gethostbyname(ad_hostname)
-        except socket.gaierror:
-            self.logger.error(
-                f"Could not resolve hostname '{ad_hostname}'. "
-                "Please ensure it is resolvable from the test controller."
-            )
-            raise
-
-        # Add DNS forward zone pointing to the AD server IP
-        ipa.conn.exec(
-            [
-                "ipa",
-                "dnsforwardzone-add",
-                trusted.domain,
-                f"--forwarder={ad_ip}",
-                "--forward-policy=only",
-            ]
-        )
-
-        # Restart named to ensure it picks up the new forwarder zone
-        ipa.conn.exec(["systemctl", "restart", "named"])
-        self.logger.info(f"DNS forwarder for {trusted.domain} configured successfully")
-
     # If this command is run on freshly started containers, it is possible the IPA is not yet
     # fully ready to create the trust. It takes a while for it to start working.
     @retry_command(max_retries=20, delay=5, match_stderr='CIFS server communication error: code "3221225581"')