On 12/12/2012 06:09 PM, rashard.ke...@sita.aero wrote:
You have to create and update all records by hand. Generally, it will work if
you are careful. Also, you will get quest after adding a new IPA replica,
potentially after adding a host to IPA realm and so on.
> What are the disadvantages of using an external DNS source?
> My three options
That is the best way. It will provide seamless integration for you. All
records will be created and updated as necessary.
> are install DNS services on the IPA server,
Generally, they are external DNS servers. I'm not aware of any big differences
(from IPA point of view).
> use the local Active Directory
> DNS, or connect to a linux based DNS appliance.
> Is it common not to use DNS at
You can run IPA without any DNS, but it will be a pain. You have to configure
each host with the address of the KDC etc. Generally, you have to statically
configure /etc/krb5.conf, /etc/sssd* and others.
> all if so what are the drawbacks?
We don't support that (in other ways than recommendations). Also,
configuration without DNS will not work with AD trusts.
I would recommend to add a sub-domain for IPA and let IPA to manage this sub
> My goal is consolidating all local administration of users to a centralized
> place in our environment. I have been reading the documentation and the
> mailing list archives, forgive me if I have overlooked this answer.
If you are in an AD shop "example.com", then you can create a sub-domain
"ipa.example.com" and delegate (via NS+A records) this ipa sub-domain from the AD
server to the IPA server with integrated DNS.
Some very basic info can be found in
Let us know if you need any assistance.
> This document is strictly confidential and intended only for use by the
> addressee unless otherwise stated. If you are not the intended recipient,
> please notify the sender immediately and delete it from your system.
Good joke (on public mailing list) :-D
Freeipa-users mailing list