<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Hello,</p>
<p>comments inline<br>
</p>
<br>
<div class="moz-cite-prefix">On 23.02.2017 15:07, Iulian Roman
wrote:<br>
</div>
<blockquote
cite="mid:CALjJZGkV7TRP7c4Brop4+FXfC7fDASxXOmNfz7w9mF3gUTpW+A@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>
<div>
              <div>Despite reading the FreeIPA and Red Hat IdM
                documentation regarding DNS, it is still unclear to
                me if and when integrated DNS is mandatory. We do have
                an environment with a pretty complex DNS setup, which has
                been in place for years, and there are no plans to change it.<br>
</div>
</div>
</div>
</div>
</blockquote>
<br>
    Integrated DNS is not mandatory at all. Without IPA DNS you have to
    manage all IPA system records manually on the external DNS.<br>
<br>
<blockquote
cite="mid:CALjJZGkV7TRP7c4Brop4+FXfC7fDASxXOmNfz7w9mF3gUTpW+A@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>
<div>
<div><br>
</div>
            If I understood correctly from the documentation,
            integrated DNS is mandatory for configuring AD trust. Is
            that correct?<br>
</div>
</div>
</div>
</blockquote>
    No, it is not needed for AD trust; you need to add additional DNS
    records.<br>
<br>
<blockquote
cite="mid:CALjJZGkV7TRP7c4Brop4+FXfC7fDASxXOmNfz7w9mF3gUTpW+A@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>
<div><br>
            Can the integrated DNS be configured as forward only? Do
            the clients need to have IPA DNS as a resolver, or can they
            just use the existing DNS server?<br>
</div>
</div>
</div>
</blockquote>
You don't need to install IPA DNS.<br>
<br>
    All the records IPA needs can be obtained with the command
    `ipa dns-update-system-records --dry-run` (IPA 4.4+).<br>
<br>
<br>
Martin<br>
</body>
</html>