I have another software in that role.
Here it is - https://www.ispsystem.com/software/dnsmanager
It's a frontend for managing zones, with pdns+mysql as the backend.
So when I'm configuring new hosts, these servers act as the authoritative DNS.
No special configuring for freeipa server, only ipa-server-install with

'setup_dns': False

And specified --domain and --realm when doing ipa-client-install

2018-02-13 17:29 GMT+03:00 Andrew Meyer <andrewm...@yahoo.com>:

> What is your authoritative DNS?  MS AD?  Are you manually populating the
> records?  My boss wants to eliminate DNS from this equation because he
> thinks we will have to maintain another set of DNS servers.  If FreeIPA is
> only authoritative for its own zone and managing servers within the zone,
> then we should have no issues.  We will need to put forwarders in to talk
> to Route53.  But I don't see that as an issue.
>
>
> On Tuesday, February 13, 2018 8:25 AM, Andrew Radygin <randr...@gmail.com>
> wrote:
>
>
> I'm running FreeIPA 4.5 server with several hundred hosts and dozens of
> users. And it's perfectly fine, especially if you already have another
> instrument for dns managing.
> I haven't experienced any problems from such a setup so far.
>
> 2018-02-13 17:10 GMT+03:00 Andrew Meyer via FreeIPA-users <
> freeipa-users@lists.fedorahosted.org>:
>
> Fish the entries?  Can you elaborate on that a bit more?
>
> Since FreeIPA auto-builds txt records and what not for client
> machines...How did you do that?
>
> Or did you not utilize that?
>
>
> On Tuesday, February 13, 2018 2:58 AM, Alex Corcoles via FreeIPA-users
> <freeipa-users@lists.fedorahosted.org> wrote:
>
>
> You can, but you need to add the DNS entries that FreeIPA adds to its
> domain to your DNS server.
>
> What I did was install FreeIPA in a test environment and fish the entries
> from there.
>
> On Tue, Feb 13, 2018 at 4:37 AM, Andrew Meyer via FreeIPA-users
> <freeipa-users@lists.fedorahosted.org> wrote:
>
> I know I have sent in multiple emails, but we are trying to deploy FreeIPA
> correctly.  However I am getting asked to find out some other details.
>
> Can FreeIPA survive w/o DNS?  We would like to implement FreeIPA and still
> be able to use the SSH, sudo, selinux, LDAP & krb5.
>
> We are moving to AWS and management is afraid that we will have to
> maintain multiple sets of DNS.  And that if FreeIPA is the focal point for
> all servers and God forbid it crashes, there goes our whole environment.
> They would like to put the zone in R53 and have that handle ALL the
> records.  If we do go through with not installing DNS w/ FreeIPA will we be
> shooting ourselves in the foot?
>
> I know that FreeIPA relies heavily on DNS and I have seen multiple
> conversations regarding not to do this, but is this somewhere in the best
> practices?
>
> I found this thread from 2015 but I don't think it applies anymore:
> Re: [Freeipa-users] Can freeIPA work without Kerberos and DNS
> <https://www.redhat.com/archives/freeipa-users/2015-March/msg00906.html>
>
>
> The problem is that we have 30 domains that we want to use in R53 and he
> wants to bypass FreeIPA for doing DNS other than for auth and sudo and
> ldap.  Could we put entries in the /etc/hosts file to point to the FreeIPA
> servers?  I feel like this might work and might be more problematic down
> the line.
>
> Regards,
> Andrew
>
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
>
>
>
>
> --
>    ___
>  {~._.~}
>   ( Y )
>  ()~*~()  mail: alex at corcoles dot net
>  (_)-(_)  http://alex.corcoles.net/
>
>
>
>
>
> --
> Best regards, Andrew.
>
>
>


-- 
Best regards, Andrew.
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
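
The quoted advice about adding FreeIPA's DNS entries to an external DNS server, as an added example that is not part of this thread or FreeIPA's own code: it builds the core system records a FreeIPA domain without integrated DNS expects and reports which of them a zone export lacks. The domain, realm, host name, IP address and sample zone are constructed, and the record list should be compared with the output of `ipa dns-update-system-records --dry-run` on your own server, since newer versions may publish more.

```python
# Added example: all names, addresses and the sample zone are constructed.
SRV_SERVICES = [  # (owner label, port) published once per IPA server
    ("_ldap._tcp", 389),
    ("_kerberos._tcp", 88), ("_kerberos._udp", 88),
    ("_kerberos-master._tcp", 88), ("_kerberos-master._udp", 88),
    ("_kpasswd._tcp", 464), ("_kpasswd._udp", 464),
]

SAMPLE_ZONE = """\
; constructed export of an externally hosted zone
_ldap._tcp.example.com.            86400 IN SRV 0 100 389 ipa1.example.com.
_kerberos._tcp.example.com.        86400 IN SRV 0 100 88 ipa1.example.com.
_kerberos._udp.example.com.        86400 IN SRV 0 100 88 ipa1.example.com.
_kerberos-master._tcp.example.com. 86400 IN SRV 0 100 88 ipa1.example.com.
_kpasswd._tcp.example.com.         86400 IN SRV 0 100 464 ipa1.example.com.
_kpasswd._udp.example.com.         86400 IN SRV 0 100 464 ipa1.example.com.
_kerberos.example.com.             86400 IN TXT "EXAMPLE.COM"
"""

def expected_records(domain, realm, servers, ca_ips):
    """Return the (owner, type, rdata) tuples the external zone must hold."""
    domain = domain.rstrip(".").lower()
    recs = set()
    for label, port in SRV_SERVICES:
        for host in servers:
            target = host.rstrip(".").lower() + "."
            recs.add((f"{label}.{domain}.", "SRV", f"0 100 {port} {target}"))
    recs.add((f"_kerberos.{domain}.", "TXT", f'"{realm.upper()}"'))
    for ip in ca_ips:  # ipa-ca must resolve to the CA-bearing servers
        recs.add((f"ipa-ca.{domain}.", "A", ip))
    return recs

def parse_zone(text):
    """Parse 'owner [ttl] IN type rdata' lines; skip comments and blanks."""
    recs = set()
    for line in text.splitlines():
        parts = line.split(";", 1)[0].split()
        if "IN" not in parts:
            continue
        i = parts.index("IN")
        rtype, rdata = parts[i + 1].upper(), " ".join(parts[i + 2:])
        recs.add((parts[0].lower(), rtype, rdata.lower() if rtype == "SRV" else rdata))
    return recs

def missing_records(zone_text, domain, realm, servers, ca_ips):
    """Records FreeIPA clients would look up but the zone does not contain."""
    return sorted(expected_records(domain, realm, servers, ca_ips) - parse_zone(zone_text))

if __name__ == "__main__":
    for rec in missing_records(SAMPLE_ZONE, "example.com", "EXAMPLE.COM",
                               ["ipa1.example.com"], ["192.0.2.10"]):
        print("missing:", *rec)
```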
