I am now requesting to our DNS team

please delegate dns zone "" to ???
Question: is the ipa server fqdn, be or

does it matter?


2012/3/8 Simo Sorce <>

> On Thu, 2012-03-08 at 09:46 -0500, Sylvain Angers wrote:
> > Hi Again
> > Our current Linux/AIX servers fqdn should remain on domain
> >
> > I need an advice: Should the ipa server fqdn be or
> >
> You can have machines on a different DNS domain with FreeIPA.
> So you can use for your IPA server and still install
> clients in
> I think the onlt thing you should take care of is to make sure a
> -> UNIX.ABCD.CA mapping in krb5.conf under the [domain_realm]
> section is available on all machines of the domain to avoid issues
> resolving the correct realm for clients in the other domain.
> On clients this should be autometed in the very last release but the ipa
> server needs to be configured after install.
> > and on the Linux/AIX server, should we add entry of both dns (ipa and
> > Microsoft AD) in resolv.conf?
> No, that would not work. What you should do is ask your DNS admin to
> delegate you the zone. Once that is done it doesn't matter
> which DNS you are querying they will know who to ask.
> If delegation is not possible you could still use named forwarders in
> both IPA and AD so that each DNS server still know where to forward
> requests for the specific domain. This again will allow you to use
> whatever DNS your network uses and have queries properly forwarded
> around.
> > domain
> > search
> > nameserver ipa_adress
> > nameserver ad_adress
> >
> No, don't do this as a way to not configure the DNS servers, it won't
> work and will cause really confusing mis-behaviors if the DNS servers
> themselves do not know how to talk to each other.
> If delegation of zones or forwarding is properly set up though then this
> scheme would allow you to have a fallback when either infrastructure is
> temporarily unreachable.
> >
> Simo.
> --
> Simo Sorce * Red Hat, Inc * New York

Sylvain Angers
Freeipa-users mailing list

Reply via email to