You can, but you need to add the DNS entries that FreeIPA adds to its
domain to your DNS server.

What I did was install FreeIPA in a test environment and fish the entries
from there.

On Tue, Feb 13, 2018 at 4:37 AM, Andrew Meyer via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:

> I know I have sent in multiple emails, but we are trying to deploy FreeIPA
> correctly.  However I am getting asked to find out some other details.
>
> Can FreeIPA survive w/o DNS?  We would like to implement FreeIPA and still
> be able to use the SSH, sudo, selinux, LDAP & krb5.
>
> We are moving to AWS and management is afraid that we will have to
> maintain multiple sets of DNS.  And that if FreeIPA is the focal point for
> all servers and God forbid it crashes, there goes our whole environment.
> They would like to put the zone in R53 and have that handle ALL the
> records.  If we do go through with not installing DNS w/ FreeIPA will we be
> shooting ourselves in the foot?
>
> I know that FreeIPA relies heavily on DNS and I have seen multiple
> conversations regarding not to do this, but is this somewhere in the best
> practices?
>
> I found this thread from 2015 but I don't think it applies anymore:
> Re: [Freeipa-users] Can freeIPA work without Kerberos and DNS
> <https://www.redhat.com/archives/freeipa-users/2015-March/msg00906.html>
>
> The problem is that we have 30 domains that we want to use in R53 and he
> wants to bypass FreeIPA for doing DNS other than for auth and sudo and
> ldap.  Could we put entries in the /etc/hosts file to point to the FreeIPA
> servers?  I feel like this might work and might be more problematic down
> the line.
>
> Regards,
> Andrew
>
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
>
>


-- 
   ___
 {~._.~}
  ( Y )
 ()~*~()  mail: alex at corcoles dot net
 (_)-(_)  http://alex.corcoles.net/
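
As an added illustration of the reply above (not code from the thread or from the FreeIPA project): a small audit that checks a zone export from whatever DNS service hosts the zone, Route 53 in the question, for the service-discovery records a FreeIPA server normally publishes. The record list is an assumption based on a typical installation, so compare it with the entries your own test server generated; the zone name, host name and sample records are constructed.

```python
import re

# Assumption: typical FreeIPA discovery records; name -> (type, SRV port or None).
REQUIRED = {
    "_ldap._tcp": ("SRV", 389),
    "_kerberos._tcp": ("SRV", 88),
    "_kerberos._udp": ("SRV", 88),
    "_kerberos-master._tcp": ("SRV", 88),
    "_kerberos-master._udp": ("SRV", 88),
    "_kpasswd._tcp": ("SRV", 464),
    "_kpasswd._udp": ("SRV", 464),
    "_kerberos": ("TXT", None),   # carries the realm name
    "ipa-ca": ("A", None),        # CA endpoint name
}

# Constructed sample: one SRV record missing, one wrong port, no ipa-ca.
SAMPLE_ZONE = """\
_ldap._tcp.example.test. 86400 IN SRV 0 100 389 ipa1.example.test.
_kerberos._tcp.example.test. 86400 IN SRV 0 100 88 ipa1.example.test.
_kerberos._udp.example.test. 86400 IN SRV 0 100 88 ipa1.example.test.
_kerberos-master._tcp.example.test. 86400 IN SRV 0 100 88 ipa1.example.test.
_kpasswd._tcp.example.test. 86400 IN SRV 0 100 88 ipa1.example.test.
_kpasswd._udp.example.test. 86400 IN SRV 0 100 464 ipa1.example.test.
_kerberos.example.test. 86400 IN TXT "EXAMPLE.TEST"
"""

RR = re.compile(r"(\S+)\s+(?:\d+\s+)?(?:IN\s+)?(SRV|TXT|A)\s+(.+)$")

def parse_zone(text, zone):
    """Map (relative name, type) -> list of rdata field lists."""
    suffix = "." + zone.strip(".").lower() + "."
    records = {}
    for line in text.splitlines():
        m = RR.match(line.split(";", 1)[0].strip())  # drop comments
        if m and m.group(1).lower().endswith(suffix):
            name = m.group(1).lower()[: -len(suffix)]
            records.setdefault((name, m.group(2)), []).append(m.group(3).split())
    return records

def audit(text, zone):
    """Return a list of problems; empty means every expected record is there."""
    records, problems = parse_zone(text, zone), []
    for name, (rtype, port) in REQUIRED.items():
        rdata = records.get((name, rtype))
        if not rdata:
            problems.append(f"missing {rtype} {name}")
        elif port and any(len(r) != 4 or r[2] != str(port) for r in rdata):
            problems.append(f"wrong port on SRV {name}")
    return problems
```

Calling `audit(SAMPLE_ZONE, "example.test")` on the constructed sample reports the missing `_kerberos-master._udp` record, the wrong `_kpasswd._tcp` port and the absent `ipa-ca` name.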