I'm running FreeIPA 4.5 server with several hundred hosts and dozens of
users. And it's perfectly fine, especially if you already have another
instrument for dns managing.
I haven't experienced any problems from such setup so far.

2018-02-13 17:10 GMT+03:00 Andrew Meyer via FreeIPA-users <
freeipa-users@lists.fedorahosted.org>:

> Fish the entries?  Can you elaborate on that a bit more?
>
> Since FreeIPA auto-builds txt records and what not for client
> machines...How did you do that?
>
> Or did you not utilize that?
>
>
> On Tuesday, February 13, 2018 2:58 AM, Alex Corcoles via FreeIPA-users <
> freeipa-users@lists.fedorahosted.org> wrote:
>
>
> You can, but you need to add the DNS entries that FreeIPA adds to its
> domain to your DNS server.
>
> What I did was install FreeIPA in a test environment and fish the entries
> from there.
>
> On Tue, Feb 13, 2018 at 4:37 AM, Andrew Meyer via FreeIPA-users <
> freeipa-users@lists.fedorahosted.org> wrote:
>
> I know I have sent in multiple emails, but we are trying to deploy FreeIPA
> correctly.  However I am getting asked to find out some other details.
>
> Can FreeIPA survive w/o DNS?  We would like to implement FreeIPA and still
> be able to use the SSH, sudo, selinux, LDAP & krb5.
>
> We are moving to AWS and management is afraid that we will have to
> maintain multiple sets of DNS.  And that if FreeIPA is the focal point for
> all servers and god for bid it crashes, there goes our whole environment.
> They would like to put the zone in R53 and have that handle ALL the
> records.  If we do go through with not installing DNS w/ FreeIPA will we be
> shooting ourselves in the foot?
>
> I know that FreeIPA relies heavily on DNS and I have seen multiple
> conversations regarding not to do this, but is this somewhere in the best
> practices?
>
> I found this thread from 2015 but I don't think it applies anymore:
> Re: [Freeipa-users] Can freeIPA work without Kerberos and DNS
> <https://www.redhat.com/archives/freeipa-users/2015-March/msg00906.html>
>
> Re: [Freeipa-users] Can freeIPA work without Kerberos and DNS
> <https://www.redhat.com/archives/freeipa-users/2015-March/msg00906.html>
>
>
> The problem is that we have 30 domains that we want to use in R53 and he
> wants to bypass FreeIPA for doing DNS other than for auth and sudo and
> ldap.  Could we put entries in the /etc/hosts file to point to the FreeIPA
> servers?  I feel like this might work and might be more problematic down
> the line.
>
> Regards,
> Andrew
>
> ______________________________ _________________
> FreeIPA-users mailing list -- freeipa-users@lists. fedorahosted.org
> <freeipa-users@lists.fedorahosted.org>
> To unsubscribe send an email to freeipa-users-leave@lists.
> fedorahosted.org <freeipa-users-le...@lists.fedorahosted.org>
>
>
>
>
> --
>    ___
>  {~._.~}
>   ( Y )
>  ()~*~()  mail: alex at corcoles dot net
>  (_)-(_)  http://alex.corcoles.net/
>
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
>
>
>
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
>
>


-- 
Best regards, Andrew.
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to