On Mon, 04 Mar 2019, Vivek Aggarwal via FreeIPA-users wrote:
Thanks Alexander for such a nice explanation.

I've a follow-up thing to ask. I understood your point that if I'm
using the primary domain and realm "avtar.test", then .stg.avtar.test
and .testing.stg.avtar.test are two DNS zones nested within avtar.test,
and the integrated DNS in the IPA master doesn't know anything about the
sub-domains, hence it is unable to resolve the hostname
"testing-infra-01-dal13.testing.stg.avtar.test".

But if I install a BIND DNS server separately and configure the "zone" as
below, then in this case the BIND server is able to provide resolution for
the server "testing-infra-01-dal13.testing.stg.avtar.test", as it's
configured as an "A record" in the "/etc/bind/avtar.test" file.

It doesn't matter who provides these zones. When you deploy an IPA master
with integrated DNS, the record (and the DNS zone it should be in) does
not exist yet, thus the installer fails to find it and thus fails. You
cannot create the zone and the record in the installer because we have
no idea at this point what creating this DNS zone means and how it
should be done. We can only do that for the immediate DNS zone we are
installing.

Please help me understand this variation in behaviour of the BIND server vs.
the IDM integrated DNS. I mean, is it that the BIND server can do
resolution of its child domains implicitly, whereas that is something
not supported by the IDM integrated DNS? Why is there no need in the BIND
server to configure the sub-domains of the "avtar.test" domain? Kindly help.

As I said, this is not about the capability of an integrated DNS. It is
about *availability* of the zones in question at the time of deployment.

If you make that zone available at the time of deployment by means of a
separate DNS server, that's fine. You will, however, then not be
using integrated DNS.

You can always add more IPA masters after you have created the initial
deployment -- if you configure additional DNS zones after the initial
deployment and then add a replica in .testing.stg.avtar.test, that will be
fine, regardless of whether you are installing with integrated DNS or not.

--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland