Thank you, Martin. '--allow-zone-overlap' may indeed fix one of the
challenges. I will give it a try.

Another check that is not a blocker but undesirable is the reverse zone
lookup. The installer does a check and some turkey upstream of my
infrastructure has a zone for in a public DNS hosts. Bizarre!
Not exactly a blocker for I assume I can add it after the installation.

On Mon, Sep 12, 2016 at 1:41 AM, Martin Basti <> wrote:

> On 11.09.2016 20:15, Richard Harmonson wrote:
> Is there an option to disable the various DNS checks using
> ipa-server-install with FreeIPA 4.3.2? Is there plans to do provide the
> option in future releases? Reviewing the ipa-server-install man page, I am
> not seeing it.
> I want to compliment the team for placing safeguards on the installation
> of FreeIPA in respect to DNS best practices. I get the need to help some of
> the installers that may not have a strong grasp of DNS. However, there are
> scenarios where the checks becomes installation blockers or result in
> undesirable results. I am not trying to be mysterious, but I have no desire
> to embarrass third parties on their DNS faux pas. Thank you.
> Hello, which check exactly do you mean?
> For zone overlap there is --allow-zone-overlap option. This was added in
> 4.3
> Martin
Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to