Remove foot from mouth... sure.

-----Original Message-----
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Dmitri Pal
Sent: Friday, April 4, 2014 4:45 PM
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] DDNS with DHCPD and IPA

On 04/03/2014 07:50 PM, Andy Tomlin wrote:
> Awesome, adding the grant line with my key (DDNS_UPDATE) did the 
> trick. This makes it perform exactly like old config.
>
> Thanks for the help. Someone should put this example in the docs.

Would you mind writing a HowTo on our wiki?

>
> -----Original Message-----
> From: freeipa-users-boun...@redhat.com 
> [mailto:freeipa-users-boun...@redhat.com] On Behalf Of William Brown
> Sent: Thursday, April 3, 2014 3:29 PM
> To: freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] DDNS with DHCPD and IPA
>
> On Thu, 2014-04-03 at 11:02 -0700, Andy Tomlin wrote:
>> That would be my preference, would then work same as bind/dhcpd 
>> before switching to ipa. I just don't know how to do it correctly.
>>
>>   
> This assumes dhcp and named are on the same system.
>
> For an unrelated project I wrote some docs here:
>
> http://tollgate.readthedocs.org/en/3.0.1/fedora-deploy.html#core-network
>
> And the example config files referenced are:
>
> https://github.com/micolous/tollgate/tree/master/docs/example/fedora
>
> The important parts are:
>
> rndc-confgen -a -r keyboard -b 256
> chown named:named /etc/rndc.key
>
> In named.conf add after the options section:
>
> include "/etc/rndc.key";
>
> In the zone (In ipa you will need to add this permission)
>
> grant rndc-key wildcard * ANY;
>
> Then in dhcpd:
>
>
> include                 "/etc/rndc.key";
>
> And to the dhcpd range:
>
>
>       zone dhcp.example.lan. {
>               primary 127.0.0.1;
>               key     "rndc-key";
>       }
>
>
>       zone 0.4.10.in-addr.arpa. {
>               primary 127.0.0.1;
>               key "rndc-key";
>       }
>
>
> This should coexist peacefully with freeipa, but try to make sure your 
> DDNS updated zone is say dhcp.example.com rather than a zone you care
> about.
> Consider you have a domain controller called x.example.com, and you 
> allow DDNS to example.com. If someone set their hostname to x, they 
> could take over the DNS records for your DC. Better to have a second 
> zone to prevent this.
>
> --
> William Brown <will...@firstyear.id.au>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>


--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
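
The zone-separation advice quoted above, as an added example that is not part of the original thread: a check that reads ISC dhcpd lease entries and reports any client-supplied hostname that would resolve to a protected record in the DDNS-updated zone. The lease data, the protected list and the assumption that the server registers `<client-hostname>.<zone>` are constructed for illustration.

```python
import re

# One lease block from dhcpd.leases: captures the IP and the block body.
# Simplified: assumes the lease body contains no nested braces.
LEASE_RE = re.compile(r'lease\s+(\S+)\s*\{(.*?)\}', re.S)
HOSTNAME_RE = re.compile(r'client-hostname\s+"([^"]*)"\s*;')

# Constructed sample input; addresses follow the thread's 10.4.0.x range.
LEASES = '''
lease 10.4.0.23 {
  binding state active;
  hardware ethernet 52:54:00:aa:bb:01;
  client-hostname "laptop7";
}
lease 10.4.0.24 {
  binding state active;
  hardware ethernet 52:54:00:aa:bb:02;
  client-hostname "X";
}
'''
# Records that DHCP clients must never be able to overwrite (constructed).
PROTECTED = ["x.example.com."]

def ddns_collisions(leases_text, ddns_zone, protected_fqdns):
    """Return (ip, fqdn) pairs whose DDNS name would be a protected record."""
    zone = ddns_zone.rstrip('.').lower()
    protected = {n.rstrip('.').lower() for n in protected_fqdns}
    hits = []
    for ip, body in LEASE_RE.findall(leases_text):
        m = HOSTNAME_RE.search(body)
        if not m:
            continue
        # DNS names are case-insensitive and a trailing dot is the same name.
        host = m.group(1).rstrip('.').lower()
        if not host:
            continue
        # Assumption: the server registers <client-hostname>.<ddns zone>.
        fqdn = f"{host}.{zone}"
        if fqdn in protected:
            hits.append((ip, fqdn))
    return hits

if __name__ == "__main__":
    # DDNS into the main zone: the client named "X" lands on the DC's record.
    print(ddns_collisions(LEASES, "example.com", PROTECTED))
    # DDNS into a dedicated zone: the same hostname cannot reach that record.
    print(ddns_collisions(LEASES, "dhcp.example.com", PROTECTED))
```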
