On Wed, 2011-05-18 at 23:07 +0000, Steven Jones wrote:
> Qs,
>
> 1) We have a single master only for freeipa 2.0? so from what I can
> read the replicas are passive? ie do they answer LDAP queries and also
> DNS queries if DNS is integrated? but simply don't have a gui? or are
> they totally inert? I'm thinking of this as we really want 2 active
> DNS servers minimum.......

We do not enable the DNS on replicas by default; it is an admin choice on which replicas they want to enable the DNS service. When you install the replica you can pass the --setup-dns flag. If you forgot to do so, or if you later change your mind and want to install the DNS piece, you can simply run ipa-dns-install on the replica you want to have another DNS available.

> 2) We discussed its better to have DNS as a stub domain off the main
> domain.....so Linux servers will be unix.vuw.ac.nz.....should I do the
> same for the reverse lookup?

That depends on your network topology. At the moment we do create a reverse zone for you by default, but you can use it, disable it, or just remove it if you have reverse lookups handled elsewhere. In future though we plan to improve the DNS plugin so that it will also automatically update the reverse zone (if managed by IPA) on clients' dynamic DNS updates.

> Should I cleave off part of the class B? say 2 x 24s? problem then
> becomes what do I do with mixed environments where I have windows web
> front ends and linux db backends......or user areas where I can't do
> that...

It is not necessary, although I would recommend that you properly set the PTR records at least for your servers in the DNS that is managing your reverse zones.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
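
An added example, not part of the original message or of FreeIPA: a small audit of the PTR recommendation above, which compares each server's forward A record against the PTR record held by whichever DNS manages the reverse zones. Host names under unix.vuw.ac.nz, the addresses (documentation ranges) and the function name `check_ptr` are constructed for illustration.

```python
import ipaddress

# Constructed sample data: forward A records for servers in the stub domain.
FORWARD = {
    "ipa1.unix.vuw.ac.nz.": "192.0.2.10",
    "ipa2.unix.vuw.ac.nz.": "192.0.2.11",
    "db1.unix.vuw.ac.nz.": "198.51.100.20",
}

# Constructed sample data: PTR records as exported from the reverse zones,
# which may live on a different DNS server than the forward zone.
REVERSE = {
    "10.2.0.192.in-addr.arpa.": "ipa1.unix.vuw.ac.nz.",
    "20.100.51.198.in-addr.arpa.": "web1.vuw.ac.nz.",
}


def fqdn(name):
    """Normalise a DNS name: lower case, exactly one trailing dot."""
    return name.lower().rstrip(".") + "."


def check_ptr(forward, reverse):
    """Return {host: problem} for hosts whose PTR is missing or mismatched."""
    reverse = {fqdn(owner): fqdn(target) for owner, target in reverse.items()}
    problems = {}
    for host, addr in forward.items():
        host = fqdn(host)
        # reverse_pointer yields e.g. "10.2.0.192.in-addr.arpa" (no final dot)
        owner = fqdn(ipaddress.ip_address(addr).reverse_pointer)
        target = reverse.get(owner)
        if target is None:
            problems[host] = f"missing PTR {owner}"
        elif target != host:
            problems[host] = f"PTR {owner} points to {target}"
    return problems


if __name__ == "__main__":
    for host, problem in sorted(check_ptr(FORWARD, REVERSE).items()):
        print(f"{host}: {problem}")
```
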