<html> <head> <meta content="text/html; charset=windows-1252" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> <p>Hello,</p> <p>comments inline<br> </p> <br> <div class="moz-cite-prefix">On 23.02.2017 15:07, Iulian Roman wrote:<br> </div> <blockquote cite="mid:CALjJZGkV7TRP7c4Brop4+FXfC7fDASxXOmNfz7w9mF3gUTpW+A@mail.gmail.com" type="cite"> <div dir="ltr"> <div> <div> <div>Despite reading the freeipa and Redhat IdM documentation regarding the DNS , it is still unclear to me if and when is integrated DNS mandatory . We do have an environment with a pretty complex DNS setup , which is in place for years and there are no plans to change it.<br> </div> </div> </div> </div> </blockquote> <br> Integrated DNS is not mandatory at all. Without IPA DNS you have to manage all IPA system records manually on external DNS<br> <br> <blockquote cite="mid:CALjJZGkV7TRP7c4Brop4+FXfC7fDASxXOmNfz7w9mF3gUTpW+A@mail.gmail.com" type="cite"> <div dir="ltr"> <div> <div> <div><br> </div> if i understood correctly from the documentation , integrated DNS is mandatory for configuring AD trust. is that correct ? <br> </div> </div> </div> </blockquote> No, it is not needed for AD trust, you need to add additional DNS records<br> <br> <blockquote cite="mid:CALjJZGkV7TRP7c4Brop4+FXfC7fDASxXOmNfz7w9mF3gUTpW+A@mail.gmail.com" type="cite"> <div dir="ltr"> <div> <div><br> Can the integrated DNS be configured as forward only ? Do the clients need to have IPA DNS as a resolver or they can just use existing DNS server ? <br> </div> </div> </div> </blockquote> You don't need to install IPA DNS.<br> <br> All records the IPA needs can be received from command `ipa dns-update-system-records --dry-run` (IPA4.4+)<br> <br> <blockquote cite="mid:CALjJZGkV7TRP7c4Brop4+FXfC7fDASxXOmNfz7w9mF3gUTpW+A@mail.gmail.com" type="cite"> <div dir="ltr"> <div><br> </div> <br> </div> <br> <fieldset class="mimeAttachmentHeader"></fieldset> <br> </blockquote> <br> Martin<br> </body> </html>