No worries. Note that at the end of ipa-server-install, you get a list of DNS
records (SRV, A) required to be added (in a BIND zone format). Additional
required updates caused by new/removed FreeIPA replicas are on your own though.


On 05/28/2014 10:44 AM, wrote:
> Well, after sending my query I started going back over the FreeIPA 
> documentation again and found information that I should probably be using SRV 
> records in DNS to handle the load balancing.
> I will look into this and figure out what I need to request of the site 
> network team.
> Apologies for cluttering up your inboxes!
> Rob
>> -----Original Message-----
>> From: []
>> Sent: 28 May 2014 09:14
>> To:
>> Subject: [Freeipa-users] Setting up FreeIPA with replicas without DNS
>> Hi all,
>> I am wanting to set up a FreeIPA domain for controlling a group of machines
>> on our network, and want to use replica servers for resilience.  However, I 
>> do
>> not have control over DNS: our site prefers to use a central DNS service,
>> which I can easily request changes in, but I don't have flexibility there.
>> I will, at this point, admit to not knowing a great deal about the workings 
>> of
>> DNS, so if I am asking dumb questions, please feel free to point me at an 
>> RFC,
>> howto or other documentation so I can get educated.
>> So I am trying to work out the best way to set things up.  My initial hunch 
>> was
>> that I should get A-records set up to provide a DNS round robin for the
>> service.  The problem appears to be that if I install FreeIPA on the servers
>> using their own hostnames, their host certificates won't match the A-record,
>> and if I set up FreeIPA to use the round robin hostname, it just doesn't look
>> right to me.
>> I hope I have managed to explain my situation appropriately.  I haven't been
>> able to find documentation to help me with this (I suspect I just need to
>> understand a few different aspects better than I do already), so can
>> someone point me in the right direction, please?
>> Many thanks,
>> Rob
>> --
>> Scanned by iCritical.
>> _______________________________________________
>> Freeipa-users mailing list

Freeipa-users mailing list

Reply via email to