On 7.9.2013 18:36, Simo Sorce wrote:
On Fri, 2013-09-06 at 20:12 -0400, bwellsnc wrote:
Hello. I am working on implementing several new things at my
company, IPA, a new DHCP server, and a new named server. The problem
is that I am running an infrastructure with Windows, Linux, and Mac.
This means that DNS entries cannot be kept up to date using the
windows/mac side because they are not part of IPA. The current
DHCP/Named instance I am replacing does named updates from DHCP. I am
wondering, can the named instance used by IPA be updated using DHCP?
The ideal situation would be for DHCP to be allowed to automatically
make additions to IPA's DNS server, even if there is no entry for that
host. Can something like this be implemented with ipa:


The LDAP backend for ISC DHCP is used to store dhcp data, but wouldn't
be very useful for your purpose.

If you can run a script from the DHCP server when a machine registers,
then what you can do is to create a user/service allowed to modify DNS
entries (adding a named ACI to the relative zone) and then simply use
the script to call 'nsupdate' and issue GSS-TSIG signed dns update

Simo is right. Please see:
- man dhcpd.conf, particularly section 'EVENTS' and options ddns-*, do-forward-updates and client-updates.

- http://www.freeipa.org/page/Dynamic_updates_with_GSS-TSIG, particularly section about update-policies

Don't hesitate to ask again if you find something unclear or misleading information.

Petr^2 Spacek
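
The approach described in this thread, sketched as an added example that is not part of the original messages and not FreeIPA code: a lease hook that validates the client-supplied host name before passing a batch to `nsupdate -g`. The zone, keytab path, principal name and TTL are assumed values.

```shell
#!/bin/sh
# Added example, not from the thread. ZONE, KEYTAB, PRINCIPAL and TTL are
# hypothetical values; the principal is assumed to be permitted to update
# the zone by its update policy.
ZONE="example.test"
KEYTAB="/etc/dhcp/dnsupdate.keytab"
PRINCIPAL="DHCP/dhcp.example.test"
TTL=300
LC_ALL=C; export LC_ALL

# Host names come from DHCP clients, so treat them as untrusted input:
# accept a single DNS label only (no dots, whitespace or newlines).
valid_label() {
    case "$1" in
        ""|-*|*-|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

# Accept dotted-quad IPv4 with each octet in 0-255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*) return 1 ;;
    esac
    printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i > 255) exit 1 }'
}

# Print the nsupdate batch for one lease; fail without output on bad input.
build_update() {  # $1 = host label, $2 = IPv4 address
    valid_label "$1" && valid_ipv4 "$2" || return 1
    printf 'zone %s\n' "$ZONE"
    printf 'update delete %s.%s. A\n' "$1" "$ZONE"
    printf 'update add %s.%s. %s A %s\n' "$1" "$ZONE" "$TTL" "$2"
    printf 'send\n'
}

# Get a ticket from the keytab into a private cache, then send with GSS-TSIG.
push_update() {
    batch=$(build_update "$1" "$2") || { echo "rejected lease data" >&2; return 1; }
    KRB5CCNAME=$(mktemp) || return 1
    export KRB5CCNAME
    kinit -k -t "$KEYTAB" "$PRINCIPAL" && printf '%s\n' "$batch" | nsupdate -g
    rc=$?
    kdestroy -q
    return "$rc"
}

# Run as: script <hostname> <ip> (e.g. from a dhcpd event hook).
if [ "$#" -eq 2 ]; then push_update "$1" "$2"; fi
```

Because the batch deletes existing A records for the name before adding the new one, the zone's update policy should limit which names this principal may change.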

