On Mon, 16 Mar 2015, Erinn Looney-Triggs wrote:
> Reading through the RHEL 7.1 documents on setting up a trust between IPA and AD I came across a note that IPA had to be managing DNS in order for this to work. Why is this? Is there any way around this? At this point the DNS IPA would manage is DNSSEC signed and as such can't be managed by IPA, it must be managed separately.
It is unfortunate that documentation turns recommendations into mandatory statements. IPA deployment depends heavily on properly configured DNS and we provide means to maintain a DNS server with IPA tools. This, however, doesn't mean DNS is required to be maintained by IPA only. Instead, a properly maintained DNS setup is required, not that it is set up and controlled by IPA means.
It is easier in many cases to use IPA-managed DNS but if you know what you are doing, all we ask is to have proper DNS entries in your DNS infrastructure prior to using IPA commands which require these entries to exist (or be created, had the DNS infrastructure been managed by IPA).

--
/ Alexander Bokovoy
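The reply above asks that the proper DNS entries exist in the external DNS before the IPA commands that rely on them are run. The following is an added example, not part of the original thread and not FreeIPA code: an offline pre-flight check over a zone export. The SRV owner names and ports are an assumption (the thread does not list them), and the domain `ipa.example.test` and host `ipa1` are constructed.

```python
# Added example, not FreeIPA code. Assumption: these SRV names and ports are
# the ones expected when DNS is managed outside IPA; the thread lists none.
SERVICES = {"_ldap._tcp": 389, "_kerberos._tcp": 88, "_kerberos._udp": 88}
IPA_ONLY = {"_kerberos-master._tcp": 88, "_kerberos-master._udp": 88,
            "_kpasswd._tcp": 464, "_kpasswd._udp": 464}
# Locations AD clients query once the trust components are installed.
AD_LOCATIONS = ("dc._msdcs", "Default-First-Site-Name._sites.dc._msdcs")

def required_srv(domain):
    """Return {owner name: expected port} for the given IPA DNS domain."""
    labels = {**SERVICES, **IPA_ONLY}
    for loc in AD_LOCATIONS:
        labels.update({f"{svc}.{loc}": port for svc, port in SERVICES.items()})
    return {f"{label}.{domain}".lower(): port for label, port in labels.items()}

def parse_srv(zone_text):
    """Map owner -> set of ports from 'name ttl IN SRV prio weight port target'."""
    found = {}
    for line in zone_text.splitlines():
        f = line.split(";", 1)[0].split()  # drop trailing comments
        if len(f) == 8 and f[2].upper() == "IN" and f[3].upper() == "SRV":
            found.setdefault(f[0].rstrip(".").lower(), set()).add(int(f[6]))
    return found

def check_zone(domain, zone_text):
    """Return (missing owner names, owner names lacking the expected port)."""
    found = parse_srv(zone_text)
    required = required_srv(domain)
    missing = sorted(n for n in required if n not in found)
    wrong_port = sorted(n for n, p in required.items()
                        if n in found and p not in found[n])
    return missing, wrong_port

# Constructed zone export: two site records absent, one record on a bad port.
SAMPLE = """\
_ldap._tcp.ipa.example.test. 86400 IN SRV 0 100 389 ipa1.ipa.example.test.
_kerberos._tcp.ipa.example.test. 86400 IN SRV 0 100 88 ipa1.ipa.example.test.
_kerberos._udp.ipa.example.test. 86400 IN SRV 0 100 88 ipa1.ipa.example.test.
_kerberos-master._tcp.ipa.example.test. 86400 IN SRV 0 100 88 ipa1.ipa.example.test.
_kerberos-master._udp.ipa.example.test. 86400 IN SRV 0 100 88 ipa1.ipa.example.test.
_kpasswd._tcp.ipa.example.test. 86400 IN SRV 0 100 464 ipa1.ipa.example.test.
_kpasswd._udp.ipa.example.test. 86400 IN SRV 0 100 88 ipa1.ipa.example.test. ; bad port
_ldap._tcp.dc._msdcs.ipa.example.test. 86400 IN SRV 0 100 389 ipa1.ipa.example.test.
_kerberos._tcp.dc._msdcs.ipa.example.test. 86400 IN SRV 0 100 88 ipa1.ipa.example.test.
_kerberos._udp.dc._msdcs.ipa.example.test. 86400 IN SRV 0 100 88 ipa1.ipa.example.test.
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ipa.example.test. 86400 IN SRV 0 100 389 ipa1.ipa.example.test.
"""
if __name__ == "__main__":
    print(check_zone("ipa.example.test", SAMPLE))
```

Feeding it the output of a zone transfer or of `dig +noall +answer` queries against the DNSSEC-signed zone keeps the check read-only.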
