Hi folks, currently I have a DNS domain "example.com" with several subdomains "s1.example.com", "s2.example.com", etc. (using NIS for IM). DNServer is bind9. There is a special stub zone "ws.example.com" provided by AD (including the correct TXT DNS records).
Now I would like to move the Unix part to FreeIPA 4.2 (using integrated DNS) and to build a trust relationship to AD. I just wonder if this is possible without loosing the top level "example.com" for both DNS and Kerberos realm? Looking at http://www.freeipa.org/page/Deployment_Recommendations I got confused by expressions like "directly overlap" and "same DNS zone level". Obviously "ws.example.com" is on a different level than "example.com", but do they overlap "directly"? I had the impression that your recommendation is to move FreeIPA to "ipa.example.com", but will it still be possible to manage the old "s1.example.com", "s2.example.com", etc. subdomains in FreeIPA? Will I loose the bind integration? Every helpful comment is highly appreciated. Harri -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project