I know I have sent in multiple emails, but we are trying to deploy FreeIPA 
correctly.  However I am getting asked to find out some other details.  
Can FreeIPA survive w/o DNS?  We would like to implement FreeIPA and still be 
able to use the SSH, sudo, selinux, LDAP & krb5.  
We are moving to AWS and management is afraid that we will have to maintain 
multiple sets of DNS.  And that if FreeIPA is the focal point for all servers 
and god for bid it crashes, there goes our whole environment.  They would like 
to put the zone in R53 and have that handle ALL the records.  If we do go 
through with not installing DNS w/ FreeIPA will we be shooting ourselves in the 
foot?  
I know that FreeIPA relies heavily on DNS and I have seen multiple 
conversations regarding not to do this, but is this somewhere in the best 
practices?
I found this thread from 2015 but I don't think it applies anymore:Re: 
[Freeipa-users] Can freeIPA work without Kerberos and DNS

  
|  
|   |  
Re: [Freeipa-users] Can freeIPA work without Kerberos and DNS
   |  |

  |

 

The problem is that we have 30 domains that we want to use in R53 and he wants 
to bypass FreeIPA for doing DNS other than for auth and sudo and ldap.  Could 
we put entries in the /etc/hosts file to point to the FreeIPA servers?  I feel 
like this might work and might be more problematic down the line.
Regards,Andrew
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to