[Freeipa-devel] [PATCH] 0017 Integrate realmdomains with IPA DNS

Alexander Bokovoy abokovoy at redhat.com
Thu Apr 11 12:23:38 UTC 2013


On Thu, 11 Apr 2013, Petr Spacek wrote:
>On 11.4.2013 13:43, Alexander Bokovoy wrote:
>>On Thu, 11 Apr 2013, Petr Spacek wrote:
>>>On 11.4.2013 13:24, Alexander Bokovoy wrote:
>>>>On Thu, 11 Apr 2013, Petr Spacek wrote:
>>>>>On 11.4.2013 13:09, Ana Krivokapic wrote:
>>>>>>Integrate realmdomains with IPA DNS
>>>>>>
>>>>>>Add an entry to realmdomains when a DNS zone is added to IPA. Delete the
>>>>>>related entry from realmdomains when the DNS zone is deleted from IPA.
>>>>>>
>>>>>>https://fedorahosted.org/freeipa/ticket/3544
>>>>>
>>>>>I would add a TXT record as I described in
>>>>>https://fedorahosted.org/freeipa/ticket/3544#comment:8
>>>>>
>>>>>This integration probably should go to both commands, realmdomains-*
>>>>>and dnszone-*.
>>>>>
>>>>>Any objections? AB?
>>>>Adding TXT record is probably harmless.
>>>>
>>>>I would actually add the TXT record creation only to realmdomains-* and
>>>>trigger it only in case we manage our DNS and DNS zone is there.
>>>>This way a hook from dnszone-add will trigger adding TXT record back (via
>>>>call to realmdomains-mod --add and then TXT record addition from there). Also
>>>>the fact that admin added manually some domain to realmdomains mapping
>>>>means that it is implied to be used in obtaining TGTs, so TXT record is
>>>>helpful there as well.
>>>
>>>Okay, it makes sense. We will see how it will work in reality.
>>
>>One more thing to check is that we don't do this for our own domain.
>
>What do you mean? The TXT record? We create the TXT record in the
>'first' IPA domain (or at least I see these records in my test
>domains).
Creating realmdomains entry for our own domain is not needed since it is
there by default and calling to create TXT entry for the same domain
from realmdomains-mod is also not needed since we know that it is there.

-- 
/ Alexander Bokovoy



