[Freeipa-users] DDNS with DHCPD and IPA

Andy Tomlin atomlin at engineer.com
Wed Apr 9 15:58:13 UTC 2014


Ok, I added a howto page


On Fri, Apr 4, 2014 at 5:51 PM, Andy Tomlin <atomlin at engineer.com> wrote:

> Remove foot from mouth... sure.
>
> -----Original Message-----
> From: freeipa-users-bounces at redhat.com
> [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Dmitri Pal
> Sent: Friday, April 4, 2014 4:45 PM
> To: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] DDNS with DHCPD and IPA
>
> On 04/03/2014 07:50 PM, Andy Tomlin wrote:
> > Awesome, adding the grant line with my key (DDNS_UPDATE) did the
> > trick. This makes it perform exactly like old config.
> >
> > Thanks for the help. Someone should put this example in the docs.
>
> Would you mind writing a HowTo on our wiki?
>
> >
> > -----Original Message-----
> > From: freeipa-users-bounces at redhat.com
> > [mailto:freeipa-users-bounces at redhat.com] On Behalf Of William Brown
> > Sent: Thursday, April 3, 2014 3:29 PM
> > To: freeipa-users at redhat.com
> > Subject: Re: [Freeipa-users] DDNS with DHCPD and IPA
> >
> > On Thu, 2014-04-03 at 11:02 -0700, Andy Tomlin wrote:
> >> That would be my preference, would then work same as bind/dhcpd
> >> before switching to ipa. I just don't know how to do it correctly.
> >>
> >>
> > This assumes dhcp and named are on the same system.
> >
> > For an unrelated project I wrote some docs here:
> >
> > http://tollgate.readthedocs.org/en/3.0.1/fedora-deploy.html#core-network
> >
> > And the example config files referenced are:
> >
> > https://github.com/micolous/tollgate/tree/master/docs/example/fedora
> >
> > The important parts are:
> >
> > rndc-confgen -a -r keyboard -b 256
> > chown named:named /etc/rndc.key
> >
> > In named.conf add after the options section:
> >
> > include "/etc/rndc.key";
> >
> > In the zone (In ipa you will need to add this permission)
> >
> > grant rndc-key wildcard * ANY;
> >
> > Then in dhcpd:
> >
> >
> > include                 "/etc/rndc.key";
> >
> > And to the dhcpd range:
> >
> >
> >       zone dhcp.example.lan. {
> >               primary 127.0.0.1;
> >               key     "rndc-key";
> >       }
> >
> >
> >       zone 0.4.10.in-addr.arpa. {
> >               primary 127.0.0.1;
> >               key "rndc-key";
> >       }
> >
> >
> > This should coexist peacefully with freeipa, but try to make sure your
> > DDNS updated zone is say dhcp.example.com rather than a zone you care
> > about.
> > Consider you have a domain controller called x.example.com, and you
> > allow DDNS to example.com. If someone set their hostname to x, they
> > could take over the DNS records for your DC. Better to have a second
> > zone to prevent this.
> >
> > --
> > William Brown <william at firstyear.id.au>
> >
> > _______________________________________________
> > Freeipa-users mailing list
> > Freeipa-users at redhat.com
> > https://www.redhat.com/mailman/listinfo/freeipa-users
> >
>
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.
>
>
>
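
The record takeover William Brown warns about in the quoted message, as an added example that is not part of the original thread: a Python check that scans dhcpd.leases content for client-supplied hostnames whose DDNS name would equal a record you care about. The lease sample, the function names and the protected-name list are constructed for illustration, and the parser assumes lease blocks without nested braces.

```python
import re

# Constructed sample of dhcpd.leases content (not taken from the thread).
SAMPLE_LEASES = '''
lease 10.4.0.23 {
  starts 3 2014/04/09 15:00:00;
  binding state active;
  client-hostname "laptop-7";
}
lease 10.4.0.24 {
  starts 3 2014/04/09 15:02:11;
  binding state active;
  client-hostname "X";
}
lease 10.4.0.25 {
  binding state active;
}
'''

LEASE_RE = re.compile(r'lease\s+(\S+)\s*\{(.*?)\n\}', re.S)
HOSTNAME_RE = re.compile(r'client-hostname\s+"([^"]*)"\s*;')

def parse_leases(text):
    """Yield (ip, client_hostname) for each lease where the client sent a hostname."""
    for ip, body in LEASE_RE.findall(text):
        match = HOSTNAME_RE.search(body)
        if match:
            yield ip, match.group(1)

def colliding_leases(text, ddns_zone, protected_fqdns):
    """Return (ip, fqdn) for leases whose DDNS name would equal a protected record."""
    zone = ddns_zone.lower().rstrip('.')
    protected = {name.lower().rstrip('.') for name in protected_fqdns}
    hits = []
    for ip, host in parse_leases(text):
        # The hostname is chosen by the client, so compare case-insensitively.
        fqdn = f"{host.lower().rstrip('.')}.{zone}"
        if fqdn in protected:
            hits.append((ip, fqdn))
    return hits

if __name__ == "__main__":
    protected = ["x.example.com"]  # hypothetical record that must not be overwritten
    # DDNS into the main zone: the client named "X" collides with x.example.com.
    print(colliding_leases(SAMPLE_LEASES, "example.com", protected))
    # DDNS into a dedicated zone: the same client becomes x.dhcp.example.com.
    print(colliding_leases(SAMPLE_LEASES, "dhcp.example.com", protected))
```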