On 05/03/2011 08:46 AM, Dmitri Pal wrote:
I am posting Steven's questions as they have been sent to the wrong list
and were on hold.



Seem to be having issues posting....anyway....

I notice that free-ipa really wants to work best as its own dns
etc....problem is with AD running integrated DNS there is a clash....So
I'm wondering with say a domain of ipa.ac.nz whether it would be a good
idea or sensible and worthwhile to run ipa as a dns stub say unix.ipa.ac.nz?

Would this cause any issues with anything? say passwd syncing with AD
under ipa.ac.nz  (or actually its staff.ipa.ac.nz)  ????

From reading the docs this looks like it might be a good idea, not sure...

Are there any good high design and architecture docs I should read?  to
answer such Qs?



I'd go so far as to say that it is a very good idea, but there really is no issue. Either IPA runs as DNS, or it needs something else to keep DNS entries in sync. Obviously, it is easier to do all inside a single system. I'm guessing that what he is seeing is having IPA run DNS for the same zone as another DNS server: the fact that it is AD is probably irrelevant.

Just remember that if you make the IPA DNS be a subzone, all of the hostnames need to match. Not sure if then there will be Kerberos Realm issues between AD and IPA, though.

Freeipa-users mailing list