No worries. Note that at the end of ipa-server-install, you get a list of DNS records (SRV, A) required to be added (in a BIND zone format). Additional required updates caused by new/removed FreeIPA replicas are on your own though.
Martin On 05/28/2014 10:44 AM, [email protected] wrote: > Well, after sending my query I started going back over the FreeIPA > documentation again and found information that I should probably be using SRV > records in DNS to handle the load balancing. > > I will look into this and figure out what I need to request of the site > network team. > > Apologies for cluttering up your inboxes! > > Rob > >> -----Original Message----- >> From: [email protected] [mailto:[email protected]] >> Sent: 28 May 2014 09:14 >> To: [email protected] >> Subject: [Freeipa-users] Setting up FreeIPA with replicas without DNS >> >> Hi all, >> >> I am wanting to set up a FreeIPA domain for controlling a group of machines >> on our network, and want to use replica servers for resilience. However, I >> do >> not have control over DNS: our site prefers to use a central DNS service, >> which I can easily request changes in, but I don't have flexibility there. >> >> I will, at this point, admit to not knowing a great deal about the workings >> of >> DNS, so if I am asking dumb questions, please feel free to point me at an >> RFC, >> howto or other documentation so I can get educated. >> >> So I am trying to work out the best way to set things up. My initial hunch >> was >> that I should get A-records set up to provide a DNS round robin for the >> service. The problem appears to be that if I install FreeIPA on the servers >> using their own hostnames, their host certificates won't match the A-record, >> and if I set up FreeIPA to use the round robin hostname, it just doesn't look >> right to me. >> >> I hope I have managed to explain my situation appropriately. I haven't been >> able to find documentation to help me with this (I suspect I just need to >> understand a few different aspects better than I do already), so can >> someone point me in the right direction, please? >> >> Many thanks, >> Rob >> -- >> Scanned by iCritical. >> >> _______________________________________________ >> Freeipa-users mailing list >> [email protected] >> https://www.redhat.com/mailman/listinfo/freeipa-users _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
