[Freeipa-users] DDNS with DHCPD and IPA

Dmitri Pal dpal at redhat.com
Wed Apr 9 18:20:01 UTC 2014


On 04/09/2014 11:58 AM, Andy Tomlin wrote:
> Ok, I added a howto page

Thanks
Martin, should we link it from HowTo page?
>
>
> On Fri, Apr 4, 2014 at 5:51 PM, Andy Tomlin <atomlin at engineer.com> wrote:
>
>     Remove foot from mouth... sure.
>
>     -----Original Message-----
>     From: freeipa-users-bounces at redhat.com
>     [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Dmitri Pal
>     Sent: Friday, April 4, 2014 4:45 PM
>     To: freeipa-users at redhat.com
>     Subject: Re: [Freeipa-users] DDNS with DHCPD and IPA
>
>     On 04/03/2014 07:50 PM, Andy Tomlin wrote:
>     > Awesome, adding the grant line with my key (DDNS_UPDATE) did the
>     > trick. This makes it perform exactly like old config.
>     >
>     > Thanks for the help. Someone should put this example in the docs.
>
>     Would you mind writing a HowTo on our wiki?
>
>     >
>     > -----Original Message-----
>     > From: freeipa-users-bounces at redhat.com
>     > [mailto:freeipa-users-bounces at redhat.com] On Behalf Of William Brown
>     > Sent: Thursday, April 3, 2014 3:29 PM
>     > To: freeipa-users at redhat.com
>     > Subject: Re: [Freeipa-users] DDNS with DHCPD and IPA
>     >
>     > On Thu, 2014-04-03 at 11:02 -0700, Andy Tomlin wrote:
>     >> That would be my preference, would then work same as bind/dhcpd
>     >> before switching to ipa. I just don't know how to do it correctly.
>     >>
>     >>
>     > This assumes dhcp and named are on the same system.
>     >
>     > For an unrelated project I wrote some docs here:
>     >
>     >
>     > http://tollgate.readthedocs.org/en/3.0.1/fedora-deploy.html#core-network
>     >
>     > And the example config files referenced are:
>     >
>     > https://github.com/micolous/tollgate/tree/master/docs/example/fedora
>     >
>     > The important parts are:
>     >
>     > rndc-confgen -a -r keyboard -b 256
>     > chown named:named /etc/rndc.key
>     >
>     > In named.conf add after the options section:
>     >
>     > include "/etc/rndc.key";
>     >
>     > In the zone (In ipa you will need to add this permission)
>     >
>     > grant rndc-key wildcard * ANY;
>     >
>     > Then in dhcpd:
>     >
>     >
>     > include                 "/etc/rndc.key";
>     >
>     > And to the dhcpd range:
>     >
>     >
>     >       zone dhcp.example.lan. {
>     >               primary 127.0.0.1;
>     >               key     "rndc-key";
>     >       }
>     >
>     >
>     >       zone 0.4.10.in-addr.arpa. {
>     >               primary 127.0.0.1;
>     >               key "rndc-key";
>     >       }
>     >
>     >
>     > This should coexist peacefully with freeipa, but try to make sure your
>     > DDNS updated zone is say dhcp.example.com rather than a zone you care
>     > about.
>     > Consider you have a domain controller called x.example.com, and you
>     > allow DDNS to example.com. If someone set their hostname to x, they
>     > could take over the DNS records for your DC. Better to have a second
>     > zone to prevent this.
>     >
>     > --
>     > William Brown <william at firstyear.id.au>
>     >
>     > _______________________________________________
>     > Freeipa-users mailing list
>     > Freeipa-users at redhat.com
>     > https://www.redhat.com/mailman/listinfo/freeipa-users
>     >
>
>
>     --
>     Thank you,
>     Dmitri Pal
>
>     Sr. Engineering Manager IdM portfolio
>     Red Hat, Inc.
>
>


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
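
William Brown's point above, that dhcpd should update a dedicated zone such as dhcp.example.com rather than the zone holding records you care about, can be checked against a dhcpd.conf. The following is an added example, not code from the thread or from the FreeIPA project: it parses the zone blocks dhcpd is keyed to update and reports protected host names that sit inside one of those forward zones. The function names, the sample configs and the protected-name list are assumptions made for illustration.

```python
import re

# Constructed dhcpd.conf fragments (sample input, not taken from the thread).
SHARED_ZONE = '''
zone example.com. {
        primary 127.0.0.1;
        key     "rndc-key";
}
'''
SEPARATE_ZONE = '''
zone dhcp.example.com. {
        primary 127.0.0.1;
        key     "rndc-key";
}
zone 0.4.10.in-addr.arpa. {   # reverse zone
        primary 127.0.0.1;
        key "rndc-key";
}
'''
PROTECTED = ["x.example.com."]  # hypothetical list of names that must stay admin-controlled

ZONE_RE = re.compile(r'\bzone\s+(\S+?)\.?\s*\{([^}]*)\}', re.S)
KEY_RE = re.compile(r'\bkey\s+"?([\w.-]+)"?\s*;')

def ddns_zones(dhcpd_conf):
    """Return {zone: key name or None} for each zone block dhcpd may update."""
    text = re.sub(r'#[^\n]*', '', dhcpd_conf)        # drop # comments first
    zones = {}
    for name, body in ZONE_RE.findall(text):
        key = KEY_RE.search(body)
        zones[name.lower()] = key.group(1) if key else None
    return zones

def exposed_names(dhcpd_conf, protected_fqdns):
    """Return sorted (zone, fqdn) pairs: protected names inside a DDNS forward zone."""
    findings = []
    for zone in ddns_zones(dhcpd_conf):
        if zone.endswith(".arpa"):                   # reverse zones hold PTRs, skip
            continue
        for fqdn in protected_fqdns:
            fqdn = fqdn.lower().rstrip(".")
            if fqdn.endswith("." + zone):            # name lives under this zone
                findings.append((zone, fqdn))
    return sorted(findings)

if __name__ == "__main__":
    for label, conf in (("shared", SHARED_ZONE), ("separate", SEPARATE_ZONE)):
        print(label, ddns_zones(conf), exposed_names(conf, PROTECTED))
```

An empty result for a config means none of the listed names fall inside a zone that the DHCP server's key can write to.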
