On 03/05/2015 12:41 PM, Andrew Holway wrote:

We're working on a plan to spin up a bunch of private networks around the globe and we would like to use freeipa as our domain controller.

I'm trying to work out how we do DNS. Actually, more specifically, making sure that hosts are authenticating against their local freeipa. Each regional domain controller should be replicating with the other regional domain controllers; however, how do we tell machines in the US to auth against the US freeipa and the EU machines to auth against the EU freeipa?

If we point the DNS in our machines to the US freeipa will that freeipa respond with SRV records for itself?

FreeIPA does not support DNS sites yet.


https://fedorahosted.org/bind-dyndb-ldap/ticket/126

It is in the plans for the next release, but as a stretch goal.

For now the workaround would be to have an explicit set of servers configured on the clients. You will lose a bit of agility if you plan to deploy replicas dynamically, but if you do not plan to do that, a static server list might be a workaround for now.



Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
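
The static server list suggested in the reply above, sketched as client configuration for one US machine (an added example, not part of the original thread and not FreeIPA project output). The host names, the domain `example.com` and the realm `EXAMPLE.COM` are constructed placeholders.

```ini
# --- /etc/sssd/sssd.conf on a US client (constructed example) ---
[sssd]
services = nss, pam
domains = example.com

[domain/example.com]
id_provider = ipa
auth_provider = ipa
ipa_domain = example.com
# Explicit, ordered list of the regional replicas. The special "_srv_"
# entry is left out on purpose: without it SSSD does not fall back to
# DNS SRV discovery, so this client cannot drift to an EU replica.
ipa_server = ipa-us1.example.com, ipa-us2.example.com

# --- /etc/krb5.conf on the same client (constructed example) ---
[libdefaults]
default_realm = EXAMPLE.COM
# Turn off SRV/TXT lookups so libkrb5 only uses the KDCs listed below.
dns_lookup_kdc = false
dns_lookup_realm = false

[realms]
EXAMPLE.COM = {
  kdc = ipa-us1.example.com:88
  kdc = ipa-us2.example.com:88
  admin_server = ipa-us1.example.com:749
}

[domain_realm]
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM
```

EU clients would carry the same files with the EU replicas listed instead. Every newly deployed replica has to be added to these lists by hand or by configuration management, which is the loss of agility the reply mentions.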
