On Thu, May 07, 2015 at 01:07:58PM -0400, Dmitri Pal wrote:
> On 05/07/2015 04:37 AM, Petr Spacek wrote:
> >On 7.5.2015 09:31, Winfried de Heiden wrote:
> >>Hi all,
> >>
> >> One of the nice FreeIPA features is a host will be added to DNS
> >>automatically when the client is installed. However, in some situations
> >>using another, external, DNS server is preferred. Now, this is possible but
> >>hosts have to be added manually to this other DNS server.
> >>
> >> Is it possible to handle DNS records by IPA on an external DNS server? Any
> >>future plans for this?
> >This automatic update is handled by SSSD and uses standard DNS update
> >protocol. I.e. it should work as long as your 'external' DNS server is
> >configured to accept updates from clients.
>
> This is the update not the creation.
> Will the update create both A/AAAA and PTR record?

It should also create the record (although I haven't tested right now).
SSSD would so far only create the address family that is used to connect
to the server. We have an RFE open to update both:
    https://fedorahosted.org/sssd/ticket/2120
and also update the address on startup, not on going offline, which
might be too late in some cases:
    https://fedorahosted.org/sssd/ticket/1926

But what I see as a potentially more important blocker is that SSSD
always uses the GSSAPI credentials of the joined realm. If the external
DNS server requires different authentication, the update wouldn't
succeed.

> I thought that it will just update IP but not create these records.
> If I am correct then the question is valid and we need to have a way to
> create entries in an external data store.
>
> Sounds like another use case for the notification system.
> And for that we do not have firm plans yet but we are collecting the use
> cases to justify the effort.
> Martin do you think it is worth opening a ticket?
>
> >Please refer to documentation to your DNS server for further information and
> >let us know if you encounter some problem.
> >
> >Have a nice day!
> >
>
>
> --
> Thank you,
> Dmitri Pal
>
> Director of Engineering for IdM portfolio
> Red Hat, Inc.
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
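
Added example, not part of the original thread and not SSSD or FreeIPA code: a small Python helper that builds the nsupdate batch for the update discussed above, covering both address families and the PTR records, so the external server's handling of GSSAPI-authenticated updates can be checked by hand. The function name, host name, server name, addresses and TTL are all constructed sample values.

```python
import ipaddress


def build_nsupdate_batch(fqdn, addresses, ttl=1200, server=None):
    """Build nsupdate input that sets A/AAAA records for fqdn plus matching PTRs.

    All arguments are sample inputs chosen by the caller; nothing here is
    read from SSSD or FreeIPA configuration.
    """
    fqdn = fqdn.rstrip(".") + "."
    addrs = [ipaddress.ip_address(a) for a in addresses]
    rtype = {4: "A", 6: "AAAA"}
    lines = [f"server {server}"] if server else []

    # Forward zone: drop stale records of each family present, then add
    # every current address, so IPv4 and IPv6 are both published.
    for family in sorted({a.version for a in addrs}):
        lines.append(f"update delete {fqdn} {rtype[family]}")
    for a in addrs:
        lines.append(f"update add {fqdn} {ttl} {rtype[a.version]} {a.compressed}")
    lines.append("send")

    # Reverse zones: each PTR usually lives in a different zone, and one
    # DNS UPDATE message covers one zone, so each gets its own "send".
    for a in addrs:
        ptr = a.reverse_pointer + "."
        lines.append(f"update delete {ptr} PTR")
        lines.append(f"update add {ptr} {ttl} PTR {fqdn}")
        lines.append("send")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample values (documentation address ranges).
    print(build_nsupdate_batch("client1.ipa.example",
                               ["192.0.2.10", "2001:db8::10"],
                               server="ns.example.net"), end="")
```

Feeding the output to `nsupdate -g` while holding the host's Kerberos ticket shows whether the external server accepts GSS-TSIG updates from the joined realm; a refusal there is the authentication blocker described in the reply.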