Hello, I will add a few more details:
"ALIAS" virtual record and its derivatives are not standardized yet and AFAIK there is no implementation which works with DNSSEC.
IPA uses BIND 9.9 as DNS backend and BIND itself doesn't support any variant of ALIAS record at the moment. As a result, IPA doesn't have any means to provide this feature.
If you are interested in details, please see the dnsop mailing list archives and look for the "ALIAS" keyword in subjects.
http://www.ietf.org/mail-archive/web/dnsop/current/maillist.html

Petr^2 Spacek

On 4.10.2014 19:28, Will Sheldon wrote:
Thanks Michael, it seems you are correct.

I knew I’d seen it done though - turns out that if you use route53 for your DNS, Amazon has a way of making it work with a virtual record type called an alias.

I guess we’ll just have to use route53. At least alias lookups are free.

On October 4, 2014 at 10:20:43 AM, Michael Lasevich (mlasev...@gmail.com) wrote:

You cannot have a CNAME for a bare domain in IPA or in any DNS service, it violates DNS RFCs.

On Oct 4, 2014 10:19 AM, "Will Sheldon" <m...@willsheldon.com> wrote:

Hello everyone : )

Is it possible to configure a CNAME for a bare domain with freeIPA?

We would like to move our site over to an Amazon ELB, but to do so we have to point our domain (foo.com, not www.foo.com) at an AWS A record with a CNAME (something like xxxxxxxxxxxx.eu-west-1.elb.amazonaws.com)

This is technically possible, but IPA complains: "invalid 'cnamerecord': CNAME record is not allowed to coexist with any other records except PTR"

I’m guessing this is because of the @ NS record. Is there any way to override this behaviour? Can I make manual modifications to the zone file?

Will Sheldon
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project