On Monday, March 16, 2015 09:13:56 PM Alexander Bokovoy wrote: > On Mon, 16 Mar 2015, Erinn Looney-Triggs wrote: > >Reading through the RHEL 7.1 documents on setting up a trust between IPA > >and AD I came across a note that IPA had to be managing DNS in order for > >this to work. Why is this? Is there any way around this? At this point the > >DNS IPA would manage is DNSSEC signed and as such can't be managed by IPA, > >it must be managed separately. > > It is unfortunate that documentation turns recommendations into a > mandatory statements. IPA deployment depends heavily on properly > configured DNS and we provide means to maintain DNS server with IPA > tools. This, however, doesn't mean DNS is required to be maintained by > IPA only. Instead, a properly maintained DNS setup is required, not that > it is set up and controlled by IPA means. > > It is easier in many cases to use IPA-managed DNS but if you know what > you are doing, all we ask is to have proper DNS entries in your DNS > infrastructure prior to using IPA commands which require these entries > to exist (or be created, had the DNS infrastructure been managed by > IPA).
Ok thanks, I sort of figured that was probably the case, but I wanted to check to make sure. -Erinn
Description: This is a digitally signed message part.
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project