On Mon, 16 Mar 2015, Erinn Looney-Triggs wrote:
Reading through the RHEL 7.1 documents on setting up a trust between IPA and
AD I came across a note that IPA had to be managing DNS in order for this to
work. Why is this? Is there any way around this? At this point the DNS IPA
would manage is DNSSEC signed and as such can't be managed by IPA, it must be
managed separately.
It is unfortunate that documentation turns recommendations into a
mandatory statements. IPA deployment depends heavily on properly
configured DNS and we provide means to maintain DNS server with IPA
tools. This, however, doesn't mean DNS is required to be maintained by
IPA only. Instead, a properly maintained DNS setup is required, not that
it is set up and controlled by IPA means.

It is easier in many cases to use IPA-managed DNS but if you know what
you are doing, all we ask is to have proper DNS entries in your DNS
infrastructure prior to using IPA commands which require these entries
to exist (or be created, had the DNS infrastructure been managed by

/ Alexander Bokovoy

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to