On Wed, 2011-05-18 at 23:07 +0000, Steven Jones wrote:
> Qs,
> 1)  We have a single master only for freeipa 2.0?   so from what I can
> read the replicas are passive? ie do they answer LDAP queries and also
> DNS queries if DNS is integrated? but simply don't have a gui? or are
> they totally inert?  I'm thinking of this as we really want 2 active
> DNS servers minimum.......

We do not enable the DNS on replicas by default, it is an admin choice
on which replicas they want to enable the DNS service.

When you install the replica you can pass the --setup-dns flag.

If you forgot to do so, or if you later change your mind and want to
install the DNS piece, you can simply run ipa-dns-install on the replica
where you want to have another DNS available.

> 2) We discussed its better to have DNS as a stub domain off the main
> domain.....so Linux servers will be unix.vuw.ac.nz.....should I do the
> same for the reverse lookup?

That depends on your network topology.
At the moment we do create a reverse zone for you by default, but you
can use it, disable it, or just remove it if you have reverse lookups
handled elsewhere.

In future though we plan to improve the DNS plugin so that it will also
automatically update the reverse zone (if managed by IPA) on clients'
dynamic DNS updates.

> Should I cleave off part of the class B?  say 2 x 24s?  problem then
> becomes what do I do with mixed environments where I have windows web
> front ends and linux db backends......or user areas where I can't do
> that...

It is not necessary, although I would recommend that you properly set
the ptr records at least for your servers in the DNS that is managing
your reverse zones.


Simo Sorce * Red Hat, Inc * New York
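An added example (not from the thread or the FreeIPA project) of the check Simo recommends: confirm that every server in the forward zone has a matching PTR in the /24 reverse zones carved from the class B, and produce the `ipa dnsrecord-add` commands for whatever is missing. The zone data, host names and 10.20.0.0/16 addresses are constructed sample data, not the poster's network.

```python
import ipaddress

# Constructed forward zone: host -> IPv4 address (sample data only)
A_RECORDS = {
    "db1.unix.vuw.ac.nz.": "10.20.1.10",
    "db2.unix.vuw.ac.nz.": "10.20.1.11",
    "web1.unix.vuw.ac.nz.": "10.20.2.10",
}

# Constructed reverse zones, one per /24 out of a 10.20.0.0/16 block
# (the "2 x 24s" idea): zone name -> {PTR owner name: target host}.
# db1 is correct, db2's PTR points at a stale name, web1 has none.
REVERSE_ZONES = {
    "1.20.10.in-addr.arpa.": {
        "10.1.20.10.in-addr.arpa.": "db1.unix.vuw.ac.nz.",
        "11.1.20.10.in-addr.arpa.": "olddb.unix.vuw.ac.nz.",
    },
    "2.20.10.in-addr.arpa.": {},
}


def reverse_zone_for(ip: str, prefixlen: int = 24) -> str:
    """Name of the in-addr.arpa zone that should hold the PTR for ip."""
    net = ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)
    octets = str(net.network_address).split(".")
    kept = prefixlen // 8  # /24 -> first three octets, reversed
    return ".".join(reversed(octets[:kept])) + ".in-addr.arpa."


def ptr_name_for(ip: str) -> str:
    """Full PTR owner name, e.g. 10.1.20.10.in-addr.arpa. for 10.20.1.10."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def find_missing_ptrs(a_records, reverse_zones):
    """(host, ip, zone, ptr) for every host whose PTR is absent or wrong."""
    missing = []
    for host, ip in a_records.items():
        zone = reverse_zone_for(ip)
        ptr = ptr_name_for(ip)
        if reverse_zones.get(zone, {}).get(ptr) != host:
            missing.append((host, ip, zone, ptr))
    return missing


def suggested_commands(missing):
    """ipa dnsrecord-add commands that would create the missing PTRs."""
    cmds = []
    for host, ip, zone, ptr in missing:
        rel = ptr[: -len(zone) - 1]  # record name relative to the zone
        cmds.append(f"ipa dnsrecord-add {zone} {rel} --ptr-rec={host}")
    return cmds
```

Run `find_missing_ptrs(A_RECORDS, REVERSE_ZONES)` against an export of your real zones (for example from `ipa dnsrecord-find`) to see which servers still lack a correct PTR before relying on reverse lookups.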

