<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 03/05/2015 12:41 PM, Andrew Holway
wrote:<br>
</div>
<blockquote
cite="mid:CAEiui-ueUB11xEuY_qeNxMcTONip_1W5cR2_LvzJCnzRs3s1dQ@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>Hello,</div>
<div><br>
</div>
We're working on a plan to spin up a bunch of private networks
around the globe and we would like to use freeipa as our domain
controller.
<div><br>
</div>
<div>I'm trying to work out how we do DNS. Actually, more
specifically, making sure that hosts are authenticating
against its local freeipa. Each regional domain controller
should be replicating with the other regional domain
controllers however how do we tell machines in the US to auth
against the US freeipa and the EU machines to auth against the
EU freeipa.</div>
<div><br>
</div>
<div>If we point the DNS in our machines to the US freeipa will
that freeipa respond with SRV records for itself?</div>
</div>
</blockquote>
<br>
FreeIPA does not support DNS sites yet.<br>
<meta charset="utf-8">
<p dir="ltr"
style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"
id="docs-internal-guid-dedf1cdb-ebf5-8366-0a12-745e02399297"><a
href="https://fedorahosted.org/freeipa/ticket/2008"
style="text-decoration:none;"><span
style="font-size:13px;font-family:Arial;color:#1155cc;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:underline;vertical-align:baseline;">https://fedorahosted.org/freeipa/ticket/2008</span></a></p>
<p dir="ltr"
style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a
href="https://fedorahosted.org/bind-dyndb-ldap/ticket/126#"
style="text-decoration:none;"><span
style="font-size:13px;font-family:Arial;color:#1155cc;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:underline;vertical-align:baseline;">https://fedorahosted.org/bind-dyndb-ldap/ticket/126</span></a></p>
<p dir="ltr"
style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><br>
It is in plans for the next release but as a stretch goal.</p>
<p dir="ltr"
style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><br>
For now the work around would be to have an explicit set of
servers configured on the clients. You will loose a bit of agility
if you plan to deploy replicas dynamically but if you do not plan
to do that static server list might be a work around for now.<br>
</p>
<br>
<blockquote
cite="mid:CAEiui-ueUB11xEuY_qeNxMcTONip_1W5cR2_LvzJCnzRs3s1dQ@mail.gmail.com"
type="cite">
<div dir="ltr">
<div><br>
</div>
<div>Thanks,</div>
<div><br>
</div>
<div>Andrew</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.</pre>
</body>
</html>