On 12/12/2012 06:09 PM, rashard.ke...@sita.aero wrote:
What are the disadvantages of using an external DNS source?
You have to create and update all records by hand. Generally, it will work if you are careful. Also, you will get quest after adding a new IPA replica, potentially after adding a host to IPA realm and so on.

> My three options
are install DNS services on the IPA server,
That is the best way. It will provide seamless integration for you. All records will be created and updated as necessary.

use the local Active Directory
DNS, or connect to a linux based DNS appliance.
Generally, they are external DNS servers. I'm not aware of any big differences (from IPA point of view).

> Is it common not to use DNS at
all if so what are the drawbacks?
You can run IPA without any DNS, but it will be pain. You have to configure each host with address of KDC etc. Generally, you have to statically configurure /etc/krb5.conf, /etc/sssd* and others.

We don't support that (in other ways than recommendations). Also, configuration without DNS will not work with AD trusts.

My goal is consolidating all local administration of users to a centralized
place in our environment. I have been reading the documentation and the
mailing list archives, forgive me If I have overlooked this answer.
I would recommend to add a sub-domain for IPA and let IPA to manage this sub domain.

If you are in AD shop "example.com", then you can create sub-domain "ipa.example.com" and delegate (via NS+A records) this ipa sub-domain from AD server to IPA server with integrated DNS.

Some very basic info can be found in

Let us know if you need any assistance.


This document is strictly confidential and intended only for use by the
addressee unless otherwise stated. If you are not the intended recipient,
please notify the sender immediately and delete it from your system.
Good joke (on public mailing list) :-D

Petr^2 Spacek

Freeipa-users mailing list

Reply via email to