[Freeipa-users] DNS: sub-domain or new domain

Simo Sorce simo at redhat.com
Wed Dec 12 18:59:50 UTC 2012


On Wed, 2012-12-12 at 10:45 -0800, Patrick Bakker wrote:
> I just joined this list because I was curious about the recent
> discussion that Rashard Kelly had started about whether to
> use FreeIPA's integrated DNS or whether to disable DNS. I'm wondering
> about a very similar thing. I have a bunch of Linux servers that I'd
> like to start managing more centrally but we have Active Directory
> running the network right now.
> 
> 
> I looked at the bug attachment Petr Spacek recommended
> (https://fedorahosted.org/freeipa/attachment/ticket/3268/3268.v2) but
> one thing I didn't see there is a discussion of whether to use an
> entirely different domain. As this is the direction I'm inclined to,
> I'm curious if there is some good reason not to do it.
> 
> 
> Suppose I have a company ACME Widgets which is running
> acmewidgets.local under Active Directory. Does it simplify anything if
> I were to run all my Linux boxes under FreeIPA under an entirely
> different domain such as acme.local?

It will avoid the need to do delegation but you will need to set up
conditional forwarders if you want to resolve both domains from all
machines.

Also, do not use .local; that domain name is used by zeroconf-style stuff
and can cause issues (in a Windows domain too). Use something like .lan

> Since I have completely separate DNS records I shouldn't need to worry
> about any DNS integration. Will this complicate a future trust between
> the AD domain acmewidgets.local and the FreeIPA domain acme.local if I
> want to do that at some point?

No, trusts are better with completely separate root domains; they
certainly can't work if you use the same domain.
However, there is at least 1 minor 'integration' step: you need
conditional forwarders in both systems so one can forward queries to the
other for its clients.

> 
> Is the website planning to be updated again soon? Looking through the
> documentation I only see old versions listed. Also, clicking the
> roadmaps, future version plans, etc... appear to be updated.
> 
We keep adding documentation as we produce it.
Is there anything specific you find missing besides updated manuals?
We should have docs for 3.0/3.1 soon courtesy of Fedora 18.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
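
An added example, not part of the original message or of FreeIPA: a small Python check of a proposed AD and FreeIPA naming plan against the points in the reply above (avoid .local, keep the two domains distinct, set up conditional forwarders on both sides). The function names and the .lan sample names are assumptions made for illustration.

```python
MDNS_TLD = "local"  # reserved for multicast DNS (RFC 6762), the zeroconf use named in the reply

def labels(name):
    """Lower-case a DNS name, drop the trailing root dot, split into labels."""
    name = name.strip().rstrip(".").lower()
    if not name or any(not part for part in name.split(".")):
        raise ValueError(f"not a usable DNS domain: {name!r}")
    return name.split(".")

def relationship(ad_domain, ipa_domain):
    """Classify two domains as 'same', 'subdomain' or 'separate'."""
    a, b = labels(ad_domain), labels(ipa_domain)
    if a == b:
        return "same"
    short, long_ = sorted((a, b), key=len)
    # Compare whole labels, so widgets.lan is not taken for the parent
    # of acmewidgets.lan the way a plain string suffix test would.
    if long_[-len(short):] == short:
        return "subdomain"
    return "separate"

def review_plan(ad_domain, ipa_domain):
    """Return (relationship, findings) for a proposed AD + FreeIPA plan."""
    findings = []
    for role, dom in (("AD", ad_domain), ("FreeIPA", ipa_domain)):
        if labels(dom)[-1] == MDNS_TLD:
            findings.append(f"{role} domain {dom} ends in .local, which zeroconf/mDNS uses")
    rel = relationship(ad_domain, ipa_domain)
    if rel == "same":
        findings.append("both systems claim the same domain; a trust cannot work")
    elif rel == "subdomain":
        findings.append("one domain sits under the other; DNS delegation is needed")
    else:
        findings.append(f"conditional forwarder for {ipa_domain} needed on the AD DNS")
        findings.append(f"conditional forwarder for {ad_domain} needed on the FreeIPA DNS")
    return rel, findings

if __name__ == "__main__":
    # Constructed inputs: the names from the thread, a .lan variant, a sub-domain.
    plans = (("acmewidgets.local", "acme.local"),
             ("acmewidgets.lan", "acme.lan"),
             ("acmewidgets.lan", "linux.acmewidgets.lan"))
    for ad, ipa in plans:
        rel, findings = review_plan(ad, ipa)
        print(f"{ad} + {ipa}: {rel}")
        for finding in findings:
            print("  -", finding)
```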
