On 8.12.2015 13:17, Harald Dunkel wrote:
> Hi folks,
>
> currently I have a DNS domain "example.com" with several
> subdomains "s1.example.com", "s2.example.com", etc. (using
> NIS for IM). DNS server is bind9. There is a special stub zone
> "ws.example.com" provided by AD (including the correct
> TXT DNS records).
>
> Now I would like to move the Unix part to FreeIPA 4.2
> (using integrated DNS) and to build a trust relationship
> to AD. I just wonder if this is possible without losing
> the top level "example.com" for both DNS and Kerberos
> realm?
>
> Looking at http://www.freeipa.org/page/Deployment_Recommendations
> I got confused by expressions like "directly overlap" and
> "same DNS zone level". Obviously "ws.example.com" is on
> a different level than "example.com", but do they overlap
> "directly"?

Does
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/prerequisites.html#dns-reqs
and
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/trust-requirements.html#dns-realm-settings
answer your questions? There are some examples in the second document.

Petr^2 Spacek

> I had the impression that your recommendation is to move
> FreeIPA to "ipa.example.com", but will it still be
> possible to manage the old "s1.example.com", "s2.example.com",
> etc. subdomains in FreeIPA? Will I lose the bind integration?
>
>
> Every helpful comment is highly appreciated.