[Freeipa-users] FreeIPA and DNSMasq vs BIND

Simo Sorce simo at redhat.com
Thu Jan 12 18:51:25 UTC 2012


On Thu, 2012-01-12 at 11:19 -0600, Stack Kororā wrote:
> Hello,
> 
> I am trying to better understand the --setup-dns option and I am going
> through the Red Hat documentation on IPA as my source[1]. This script
> generates a bunch of DNS redirects for the named server. I don't quite
> understand everything it does, but I am curious because I would prefer
> to use DNSMasq over named/dhcpd/tftpd. I am struggling trying to get
> named/dhcpd/tftpd to work anywhere close to the level that DNSMasq
> works for me.
> 
> [1]
> http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html-single/Identity_Management_Guide/index.html#Preparing_for_an_IPA_Installation-DNS
> 
> The exact problem I am working with is this: If I set up DNSMasq and
> follow the Red Hat documentation for 6.2 but I do not pass the
> --setup-dns option then when I try to install the clients they fail
> because they can't find the services on the network even when I try to
> force point them to the server. However, if I follow the guide step by
> step it turns out differently; it works. I disabled DNSMasq, installed
> named, and passed the --setup-dns option. The clients were then able
> to autodetect the server without problems. So then IPA works as
> expected but nothing else on the network does.
> 
> Obviously the bind configuration is the designed implementation for
> IPA but I am spending far more of my time trying to get
> named/dhcpd/tftpd working acceptably than I have available. DNSMasq
> works great for me if I could figure out how to replicate the
> --setup-dns option in it.

Unfortunately it is not possible to use DNSMasq as a backend for the
--setup-dns option.
This option depends on a bind specific LDAP backend (bind-dyndb-ldap)
and there is no equivalent plugin for DNSMasq.

> I am really hoping someone might be able to give me a few pointers in
> replicating the IPA named configuration in DNSMasq.

If you want to use DNSMasq you will have to create an appropriate zone
and fill it with the necessary SRV, TXT and A records. When you do not
use --setup-dns the FreeIPA install script generates an example zone
file. You can use that file to configure DNSMasq.

Keep in mind this will also mean no Dynamic DNS updates nor LDAP updates
are possible so you will have to manually manage your DNS for each
replica and client you add to the FreeIPA domain.


Another alternative is to use bind for DNS and keep using DNSMasq for
the other services.

HTH,
Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
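The reply above says the records FreeIPA needs (SRV, TXT and A) can be taken from the example zone file the installer writes when --setup-dns is not used, and fed into DNSMasq by hand. The script below is an added example, not code from the thread or from the FreeIPA or dnsmasq projects: it reads a BIND-style zone file and emits the equivalent dnsmasq `srv-host=`, `txt-record=` and `host-record=` lines. The embedded zone text is a constructed sample in that style; the domain `example.test`, realm, host name and 192.0.2.10 address are placeholders, and the parser assumes one record per line with an optional TTL and class field.

```python
"""Translate A, SRV and TXT records of a BIND-style zone file into dnsmasq
configuration lines. Added example; not part of the mailing-list thread."""

# Constructed sample in the style of the example zone file the FreeIPA
# installer writes when --setup-dns is not used. Domain, realm, host name
# and address are placeholders, not values from the thread.
SAMPLE_ZONE = """\
$ORIGIN example.test.
$TTL 86400
; ldap servers
_ldap._tcp              IN SRV 0 100 389   ipa.example.test.

;kerberos realm
_kerberos               IN TXT "EXAMPLE.TEST"

; kerberos servers
_kerberos._tcp          IN SRV 0 100 88    ipa.example.test.
_kerberos._udp          IN SRV 0 100 88    ipa.example.test.
_kpasswd._tcp           IN SRV 0 100 464   ipa.example.test.
_kpasswd._udp           IN SRV 0 100 464   ipa.example.test.

; ntp server
_ntp._udp               IN SRV 0 100 123   ipa.example.test.

; the IPA server itself
ipa                     IN A 192.0.2.10
"""


def fqdn(name, origin):
    """Expand a zone-file name to a fully qualified name without the
    trailing dot, which is the form dnsmasq option values use."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name[:-1]
    return f"{name}.{origin}"


def parse_record(fields, origin):
    """Return (owner, rtype, rdata) for one record's whitespace-split
    fields, tolerating an optional TTL and an optional 'IN' class."""
    owner = fqdn(fields[0], origin)
    rest = fields[1:]
    if rest and rest[0].isdigit():        # optional TTL
        rest = rest[1:]
    if rest and rest[0].upper() == "IN":  # optional class
        rest = rest[1:]
    if not rest:
        raise ValueError(f"malformed record: {' '.join(fields)!r}")
    return owner, rest[0].upper(), rest[1:]


def zone_to_dnsmasq(zone_text, origin=None):
    """Return (dnsmasq_lines, skipped_lines). Records with no conversion
    rule (SOA, NS, multi-line records, ...) are reported rather than
    silently dropped, so the operator can see what still needs doing."""
    lines, skipped = [], []
    prev_owner = None
    for raw in zone_text.splitlines():
        # ';' starts a comment; TXT data containing ';' would need a real parser
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1].rstrip(".")
            continue
        if line.startswith("$"):           # $TTL etc.: nothing to emit
            continue
        if origin is None:
            raise ValueError("record before $ORIGIN; pass origin= explicitly")
        fields = line.split()
        if raw[:1].isspace():              # owner omitted: reuse previous one
            if prev_owner is None:
                skipped.append(line)
                continue
            fields.insert(0, prev_owner)
        prev_owner = fields[0]
        owner, rtype, rdata = parse_record(fields, origin)
        if rtype == "SRV" and len(rdata) == 4:
            prio, weight, port, target = rdata
            # dnsmasq order is service name, target, port, priority, weight
            lines.append(f"srv-host={owner},{fqdn(target, origin)},{port},{prio},{weight}")
        elif rtype == "TXT" and rdata:
            text = " ".join(rdata).strip('"')
            lines.append(f"txt-record={owner},{text}")
        elif rtype == "A" and len(rdata) == 1:
            lines.append(f"host-record={owner},{rdata[0]}")
        else:
            skipped.append(line)
    return lines, skipped


if __name__ == "__main__":
    converted, left_over = zone_to_dnsmasq(SAMPLE_ZONE)
    print("\n".join(converted))        # e.g. redirect into /etc/dnsmasq.d/ipa.conf
    for entry in left_over:
        print(f"# not converted, handle by hand: {entry}")
```

Write the output to a file under dnsmasq's conf-dir and check it with `dnsmasq --test -C <file>` before restarting. Because, as the reply notes, nothing updates DNS for you in this setup, the conversion has to be re-run (or the lines edited by hand) every time a replica or client is added.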
