[Freeipa-users] Questions from Steven Jones

Adam Young ayoung at redhat.com
Tue May 3 13:21:39 UTC 2011


On 05/03/2011 08:46 AM, Dmitri Pal wrote:
> I am posting Steven's questions as they have been sent to the wrong list
> and were on hold.
>
> ------------------------------------------------
>
> Hi
>
> Seem to be having issues posting....anyway....
>
> I notice that free-ipa really wants to work best as its own dns
> etc....problem is with AD running integrated DNS there is a clash....So
> I'm wondering with say a domain of ipa.ac.nz whether it would be a good
> idea or sensible and worthwhile to run ipa as a dns stub say unix.ipa.ac.nz?
>
> Would this cause any issues with anything? say passwd syncing with AD
> under ipa.ac.nz  (or actually its staff.ipa.ac.nz)  ????
>
> From reading the docs this looks like it might be a good idea, not sure...
>
> Are there any good high design and architecture docs I should read?  to
> answer such Qs?
>
> regards
>
>
> -----------------------------------------------
>
I'd go so far as to say that it is a very good idea, but there really is 
no issue.  Either IPA runs as DNS, or it needs something else to keep 
DNS entries in sync.  Obviously, it is easier to do all inside a single 
system.  I'm guessing that what he is seeing is having IPA run DNS for 
the same zone as another DNS server: the fact that it is AD is probably 
irrelevant.

Just remember that if you make the IPA DNS be a subzone, all of the 
hostnames need to match.  Not sure if then there will be Kerberos Realm 
issues between AD and IPA, though.




