Re: [Freeipa-users] IPA, Named and DHCP
On 7.9.2013 18:36, Simo Sorce wrote:
> On Fri, 2013-09-06 at 20:12 -0400, bwellsnc wrote:
>> Hello. I am working on implementing several new things at my
>> company, IPA, a new DHCP server, and a new named server. The problem
>> is that I am running an infrastructure with Windows, Linux, and Mac.
>> This means that DNS entries cannot be kept up to date using the
>> windows/mac side because they are not part of IPA. The current
>> DHCP/Named instance I am replacing does named updates from DHCP. I am
>> wondering, can the named instance used by IPA be updated using DHCP.
>> The ideal situation would be for DHCP to be allowed to automatically
>> make additions to IPA's DNS server, even if there is no entry for that
>> host. Can something like this be implemented with ipa:
>>
>> http://edmann.com/Computers-Technology/2008/01/08/ISC-DHCP-and-Ldap-Backend
>
> The LDAP backend for ISC DHCP is used to store dhcp data, but wouldn't
> be very useful for your purpose.
>
> If you can run a script from the DHCP server when a machine registers,
> then what you can do is to create a user/service allowed to modify DNS
> entries (adding a named ACI to the relative zone) and then simply use
> the script to call 'nsupdate' and issue GSS-TSIG signed dns update
> requests.

Simo is right. Please see:

- man dhcpd.conf, particularly section 'EVENTS' and options ddns-*, do-forward-updates and client-updates.
- http://www.freeipa.org/page/Dynamic_updates_with_GSS-TSIG, particularly section about update-policies

Don't hesitate to ask again if you find something unclear or misleading information.

--
Petr^2 Spacek

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
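The approach described in the message above (a script run from a dhcpd event that sends GSS-TSIG signed updates with 'nsupdate'), as an added example that is not part of the original thread or of FreeIPA. The zone, principal, keytab path, TTL and the way dhcpd passes its arguments are assumptions; the client-supplied hostname is validated because it is untrusted input.

```shell
#!/bin/sh
# Added example. ZONE, PRINCIPAL, KEYTAB and TTL are placeholder assumptions.
LC_ALL=C; export LC_ALL
ZONE="example.test"
PRINCIPAL="DHCP/dhcp.example.test@EXAMPLE.TEST"
KEYTAB="/etc/dhcp/ddns.keytab"
TTL=300

# The client-supplied hostname is untrusted: accept one DNS label only.
valid_label() {
    case "$1" in
        ''|-*|*-|*[!a-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

# Accept dotted-quad IPv4 only, each octet 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the nsupdate batch for <zone> <hostname> <ip>, or fail on bad input.
build_update() {
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    valid_label "$host" && valid_ipv4 "$3" || return 1
    printf 'zone %s.\nupdate delete %s.%s. A\nupdate add %s.%s. %s A %s\nsend\n' \
        "$1" "$host" "$1" "$host" "$1" "$TTL" "$3"
}

# Get a ticket from the keytab, then send the batch signed with GSS-TSIG (-g).
send_update() {
    batch=$(build_update "$ZONE" "$1" "$2") || return 1
    ccache=$(mktemp) || return 1
    KRB5CCNAME="FILE:$ccache"; export KRB5CCNAME
    kinit -k -t "$KEYTAB" "$PRINCIPAL" && printf '%s\n' "$batch" | nsupdate -g
    rc=$?
    rm -f "$ccache"
    return "$rc"
}

# Assumed invocation from a dhcpd commit event: script commit <hostname> <ip>
if [ "${1:-}" = "commit" ]; then
    send_update "$2" "$3"
fi
```

Which names this principal may change is still decided on the DNS server by the zone's update policy; the script only keeps malformed names out of the request.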
Re: [Freeipa-users] IPA, Named and DHCP
On Fri, 2013-09-06 at 20:12 -0400, bwellsnc wrote:
> Hello. I am working on implementing several new things at my
> company, IPA, a new DHCP server, and a new named server. The problem
> is that I am running an infrastructure with Windows, Linux, and Mac.
> This means that DNS entries cannot be kept up to date using the
> windows/mac side because they are not part of IPA. The current
> DHCP/Named instance I am replacing does named updates from DHCP. I am
> wondering, can the named instance used by IPA be updated using DHCP.
> The ideal situation would be for DHCP to be allowed to automatically
> make additions to IPA's DNS server, even if there is no entry for that
> host. Can something like this be implemented with ipa:
>
> http://edmann.com/Computers-Technology/2008/01/08/ISC-DHCP-and-Ldap-Backend

The LDAP backend for ISC DHCP is used to store dhcp data, but wouldn't be very useful for your purpose.

If you can run a script from the DHCP server when a machine registers, then what you can do is to create a user/service allowed to modify DNS entries (adding a named ACI to the relative zone) and then simply use the script to call 'nsupdate' and issue GSS-TSIG signed dns update requests.

Simo.

--
Simo Sorce * Red Hat, Inc * New York
[Freeipa-users] IPA, Named and DHCP
Hello. I am working on implementing several new things at my company, IPA, a new DHCP server, and a new named server. The problem is that I am running an infrastructure with Windows, Linux, and Mac. This means that DNS entries cannot be kept up to date using the windows/mac side because they are not part of IPA. The current DHCP/Named instance I am replacing does named updates from DHCP. I am wondering, can the named instance used by IPA be updated using DHCP. The ideal situation would be for DHCP to be allowed to automatically make additions to IPA's DNS server, even if there is no entry for that host. Can something like this be implemented with ipa:

http://edmann.com/Computers-Technology/2008/01/08/ISC-DHCP-and-Ldap-Backend

Thanks!

Brent