[Freeipa-users] DDNS with DHCPD and IPA

William Brown william at firstyear.id.au
Thu Apr 3 22:29:12 UTC 2014


On Thu, 2014-04-03 at 11:02 -0700, Andy Tomlin wrote:
> That would be my preference; it would then work the same as bind/dhcpd before
> switching to ipa. I just don't know how to do it correctly.

This assumes dhcp and named are on the same system. 

For an unrelated project I wrote some docs here:

http://tollgate.readthedocs.org/en/3.0.1/fedora-deploy.html#core-network

And the example config files referenced are:

https://github.com/micolous/tollgate/tree/master/docs/example/fedora

The important parts are:

rndc-confgen -a -r keyboard -b 256
chown named:named /etc/rndc.key

In named.conf add after the options section:

include "/etc/rndc.key";

In the zone (in IPA you will need to add this permission):

grant rndc-key wildcard * ANY;

Then in dhcpd:


include                 "/etc/rndc.key";

And to the dhcpd range:


	zone dhcp.example.lan. {
		primary 127.0.0.1;
		key     "rndc-key";
	}


	zone 0.4.10.in-addr.arpa. {
		primary 127.0.0.1;
		key "rndc-key";
	}


This should coexist peacefully with freeipa, but try to make sure your
DDNS-updated zone is, say, dhcp.example.com rather than a zone you care
about. Consider you have a domain controller called x.example.com, and
you allow DDNS to example.com. If someone set their hostname to x, they
could take over the DNS records for your DC. Better to have a second
zone to prevent this.

-- 
William Brown <william at firstyear.id.au>
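
Added example, not part of the original post: a small audit of the zone layout the message recommends, reporting which records you care about live in a zone that DHCP is allowed to update. The inventory, zone names and function names are constructed for illustration, and the check assumes the grant lets the key update any name in the zone it is attached to.

```python
# Added example: audit which protected names sit inside a DDNS-writable zone.
# Zone and host names below are constructed samples based on the post.

def labels(name):
    """Normalize a DNS name to a tuple of lowercase labels (no trailing dot)."""
    return tuple(name.rstrip(".").lower().split("."))

def in_zone(fqdn, zone):
    """True if fqdn is at or below zone, compared label by label."""
    f, z = labels(fqdn), labels(zone)
    return len(f) >= len(z) and f[len(f) - len(z):] == z

def owning_zone(fqdn, zones):
    """Most specific configured zone containing fqdn (a child zone wins)."""
    matches = [z for z in zones if in_zone(fqdn, z)]
    return max(matches, key=lambda z: len(labels(z)), default=None)

def exposed(protected, zones, ddns_zones):
    """Protected names whose owning zone accepts DDNS updates from DHCP."""
    ddns = {labels(z) for z in ddns_zones}
    hits = []
    for name in protected:
        zone = owning_zone(name, zones)
        if zone is not None and labels(zone) in ddns:
            hits.append(name)
    return hits

# Constructed inventory: records an admin cares about.
PROTECTED = ["x.example.com.", "ipa1.example.com", "www.notexample.com"]
ZONES = ["example.com.", "dhcp.example.com."]

# Layout the post warns against: DHCP may update example.com itself.
RISKY = exposed(PROTECTED, ZONES, ["example.com."])
# Layout the post recommends: DHCP may only update dhcp.example.com.
SAFE = exposed(PROTECTED, ZONES, ["dhcp.example.com."])

if __name__ == "__main__":
    print("DDNS on example.com exposes:", RISKY)
    print("DDNS on dhcp.example.com exposes:", SAFE)
```

The comparison is done per label, so www.notexample.com is not mistaken for a member of example.com, and a name under dhcp.example.com is attributed to that child zone rather than to its parent.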



