On 04/09/2014 11:58 AM, Andy Tomlin wrote:
Ok, I added a howto page


Thanks
Martin, should we link it from HowTo page?


On Fri, Apr 4, 2014 at 5:51 PM, Andy Tomlin <atom...@engineer.com> wrote:

    Remove foot from mouth... sure.

    -----Original Message-----
    From: freeipa-users-boun...@redhat.com
    [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Dmitri Pal
    Sent: Friday, April 4, 2014 4:45 PM
    To: freeipa-users@redhat.com
    Subject: Re: [Freeipa-users] DDNS with DHCPD and IPA

    On 04/03/2014 07:50 PM, Andy Tomlin wrote:
    > Awesome, adding the grant line with my key (DDNS_UPDATE) did the
    > trick. This makes it perform exactly like old config.
    >
    > Thanks for the help. Someone should put this example in the docs.

    Would you mind writing a HowTo on our wiki?

    >
    > -----Original Message-----
    > From: freeipa-users-boun...@redhat.com
    > [mailto:freeipa-users-boun...@redhat.com] On Behalf Of William Brown
    > Sent: Thursday, April 3, 2014 3:29 PM
    > To: freeipa-users@redhat.com
    > Subject: Re: [Freeipa-users] DDNS with DHCPD and IPA
    >
    > On Thu, 2014-04-03 at 11:02 -0700, Andy Tomlin wrote:
    >> That would be my preference, would then work same as bind/dhcpd
    >> before switching to ipa. I just don't know how to do it correctly.
    >>
    >>
    > This assumes dhcp and named are on the same system.
    >
    > For an unrelated project I wrote some docs here:
    >
    >
    > http://tollgate.readthedocs.org/en/3.0.1/fedora-deploy.html#core-network
    >
    > And the example config files referenced are:
    >
    > https://github.com/micolous/tollgate/tree/master/docs/example/fedora
    >
    > The important parts are:
    >
    > rndc-confgen -a -r keyboard -b 256
    > chown named:named /etc/rndc.key
    >
    > In named.conf add after the options section:
    >
    > include "/etc/rndc.key";
    >
    > In the zone (In ipa you will need to add this permission)
    >
    > grant rndc-key wildcard * ANY;
    >
    > Then in dhcpd:
    >
    >
    > include                 "/etc/rndc.key";
    >
    > And to the dhcpd range:
    >
    >
    >       zone dhcp.example.lan. {
    >               primary 127.0.0.1;
    >               key     "rndc-key";
    >       }
    >
    >
    >       zone 0.4.10.in-addr.arpa. {
    >               primary 127.0.0.1;
    >               key "rndc-key";
    >       }
    >
    >
    > This should coexist peacefully with freeipa, but try to make sure your
    > DDNS updated zone is say dhcp.example.com rather than a zone you care
    > about.
    > Consider you have a domain controller called x.example.com, and you
    > allow DDNS to example.com. If someone set their hostname to x, they
    > could take over the DNS records for your DC. Better to have a second
    > zone to prevent this.
    >
    > --
    > William Brown <will...@firstyear.id.au>
    >
    > _______________________________________________
    > Freeipa-users mailing list
    > Freeipa-users@redhat.com
    > https://www.redhat.com/mailman/listinfo/freeipa-users


    --
    Thank you,
    Dmitri Pal

    Sr. Engineering Manager IdM portfolio
    Red Hat, Inc.





--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
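
The zone-separation advice quoted in this thread can be checked mechanically. The sketch below is an added example, not code from the thread, FreeIPA or the tollgate project: it reports which hosts you care about sit inside a zone the DHCP key may update. The host list, the zone maps and the name `ipa1.example.com` are constructed, and a zone marked `True` is assumed to carry a zone-wide grant like the `grant rndc-key wildcard * ANY;` line above.

```python
"""Audit sketch: which protected hostnames sit in a zone that accepts DDNS updates?"""

def labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return [l for l in name.lower().rstrip(".").split(".") if l]

def owning_zone(fqdn, zones):
    """Return the most specific configured zone that contains fqdn, or None."""
    host = labels(fqdn)
    best = None
    for zone in zones:
        z = labels(zone)
        # Compare whole labels so "notexample.com" never matches "example.com".
        if len(z) <= len(host) and host[len(host) - len(z):] == z:
            if best is None or len(z) > len(labels(best)):
                best = zone
    return best

def exposed_hosts(protected, zones):
    """List (fqdn, zone) pairs where a protected name lives in a DDNS-writable zone.

    zones maps zone name -> True when the DHCP server's key holds a zone-wide
    grant there (assumption: equivalent to 'grant rndc-key wildcard * ANY;').
    """
    hits = []
    for fqdn in protected:
        zone = owning_zone(fqdn, zones)
        if zone is not None and zones[zone]:
            hits.append((fqdn, zone))
    return hits

# Constructed sample data; x.example.com is the DC name used in the thread,
# ipa1.example.com is a hypothetical second server.
PROTECTED = ["x.example.com.", "ipa1.example.com"]

# Layout the thread warns about: the DHCP key may update the main zone.
SHARED_ZONE = {"example.com.": True}

# Layout the thread recommends: updates confined to a dedicated child zone.
SPLIT_ZONES = {"example.com.": False, "dhcp.example.com.": True}

if __name__ == "__main__":
    for title, zones in (("shared", SHARED_ZONE), ("split", SPLIT_ZONES)):
        print(title, exposed_hosts(PROTECTED, zones))
```

With the shared layout both protected names are reported; with the split layout the list is empty, because a lease can only write names under `dhcp.example.com`.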

