On 27.2.2015 21:04, Simo Sorce wrote: > On Fri, 2015-02-27 at 18:59 +0000, Roderick Johnstone wrote: >> On 27/02/15 18:33, Simo Sorce wrote: >>> On Fri, 2015-02-27 at 18:19 +0000, Roderick Johnstone wrote: >>>> Hi >>>> >>>> I'm trying to migrate of my NIS databases to freeipa and have got to the >>>> hosts database. >>>> >>>> In NIS a typical entry is: >>>> ipaddress canonical_name [aliases...] >>>> >>>> but I don't see how to enter the ipaddress or aliases using the ipa >>>> host-* commands. Is that possible? >>>> >>>> Maybe this is supposed to be done with the ipa dns commands, but I don't >>>> want freeipa to control the dns as we have an existing external dns >>>> infrastructure to fit into. >>>> >>>> How should I configure freeipa to do host lookups for aliases like NIS >>>> does? >>> >>> While NIS supports hosts maps, FreeIPA strongly encourages the use of >>> DNS, as such we do not have direct means of providing or querying hosts >>> maps. >>> >>> Simo. >>> >>> >> >> >> ok so I have to see how we can run the freeipa servers as dns servers >> alongside the corporate servers for our domain. >> >> I'm not sure how to proceed since I've no idea what the issues could be. >> Can you give me any hints or point to any docs? > > Is the problem that you cannot add entries to the corporate DNS server ? > > It is recommended to have a delegation or at least forwarding between > name servers to avoid headaches.
Let me clarify it: FreeIPA can manage DNS for you, which is easy thing to do if your corporate policy allows that. start with $ ipa-dns-install and then add NS and glue records to the parent zones to have proper delegation to FreeIPA DNS servers. DNS auto-management makes adding hosts and replicas easier but it is not required in any way. If you do not want to manage DNS in FreeIPA you do no have to. For aliases, ask your DNS admin to use CNAME records to create aliases for the canonical host name (used in ipa host-add command). Have a nice day! -- Petr^2 Spacek -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project