On 05/03/2011 08:46 AM, Dmitri Pal wrote:
I am posting Steven's questions as they have been sent to the wrong list
and were on hold.
------------------------------------------------
Hi
Seem to be having issues posting....anyway....
I notice that free-ipa really wants to work best as its own dns
etc....problem is with AD running integrated DNS there is a clash....So
Im wondering with say a domain of ipa.ac.nz whether it would be a good
idea or sensible and worthwhile to run ipa as a dns stub say unix.ipa.ac.nz?
Would this cause any issues with anything? say passwd syncing with AD
under ipa.ac.nz (or actually its staff.ipa.ac.nz) ????
> From reading the docs this looks like it might be a good idea, not sure...
Are there any good high design and architecture docs I should read? to
answer such Qs?
regards
-----------------------------------------------
I'd go so far as to say that it is a very good idea, but there really is
no issue. Either IPA runs as DNS, or it needs something else to keep
DNS entries in sync. Obviously, it is easier to do all inside a single
system. I'm guessing that what he is seeing i having IPA run DNS for
the same zone as another DNS server: the fact that it is AD is probably
irrelevant.
Just remember that if you make the IPA DNS be a subzone, all of the
hostnames need to match. Not sure if then there will be Kerberos Realm
issues between AD and IPA, though.
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
