[Freeipa-users] DDNS with DHCPD and IPA
Arthur Fayzullin
arthur at deus.pro
Thu Apr 10 04:50:15 UTC 2014
If this
http://www.freeipa.org/page/Howto/ISC_DHCPd_and_Dynamic_DNS_update is it,
then it is quite not easy to understand what is it about.
here, in mail-list it was much more understandable.
10.04.2014 00:20, Dmitri Pal ?????:
> On 04/09/2014 11:58 AM, Andy Tomlin wrote:
>> Ok, I added a howto page
>
> Thanks
> Martin, should be link it from HowTo page?
>>
>>
>> On Fri, Apr 4, 2014 at 5:51 PM, Andy Tomlin <atomlin at engineer.com
>> <mailto:atomlin at engineer.com>> wrote:
>>
>> Remove foot from mouth... sure.
>>
>> -----Original Message-----
>> From: freeipa-users-bounces at redhat.com
>> <mailto:freeipa-users-bounces at redhat.com>
>> [mailto:freeipa-users-bounces at redhat.com
>> <mailto:freeipa-users-bounces at redhat.com>] On Behalf Of Dmitri Pal
>> Sent: Friday, April 4, 2014 4:45 PM
>> To: freeipa-users at redhat.com <mailto:freeipa-users at redhat.com>
>> Subject: Re: [Freeipa-users] DDNS with DHCPD and IPA
>>
>> On 04/03/2014 07:50 PM, Andy Tomlin wrote:
>> > Awesome, adding the grant line with my key (DDNS_UPDATE) did the
>> > trick. This makes it perform exactly like old config.
>> >
>> > Thanks for the help. Someone should put this example in the docs.
>>
>> Would you mind writing a HowTo on our wiki?
>>
>> >
>> > -----Original Message-----
>> > From: freeipa-users-bounces at redhat.com
>> <mailto:freeipa-users-bounces at redhat.com>
>> > [mailto:freeipa-users-bounces at redhat.com
>> <mailto:freeipa-users-bounces at redhat.com>] On Behalf Of William Brown
>> > Sent: Thursday, April 3, 2014 3:29 PM
>> > To: freeipa-users at redhat.com <mailto:freeipa-users at redhat.com>
>> > Subject: Re: [Freeipa-users] DDNS with DHCPD and IPA
>> >
>> > On Thu, 2014-04-03 at 11:02 -0700, Andy Tomlin wrote:
>> >> That would be my preference, would then work same as bind/dhcpd
>> >> before switching to ipa. I just dont know how to do it correctly.
>> >>
>> >>
>> > This assumes dhcp and named are on the same system.
>> >
>> > For an unrelated project I wrote some docs here:
>> >
>> >
>> http://tollgate.readthedocs.org/en/3.0.1/fedora-deploy.html#core-netwo
>> > rk
>> >
>> > And the example config files referenced are:
>> >
>> >
>> https://github.com/micolous/tollgate/tree/master/docs/example/fedora
>> >
>> > The important parts are:
>> >
>> > rndc-confgen -a -r keyboard -b 256
>> > chown named:named /etc/rndc.key
>> >
>> > In named.conf add after the options section:
>> >
>> > include "/etc/rndc.key";
>> >
>> > In the zone (In ipa you will need to add this permission)
>> >
>> > grant rndc-key wildcard * ANY;
>> >
>> > Then in dhcpd:
>> >
>> >
>> > include "/etc/rndc.key";
>> >
>> > And to the dhcpd range:
>> >
>> >
>> > zone dhcp.example.lan. {
>> > primary 127.0.0.1;
>> > key "rndc-key";
>> > }
>> >
>> >
>> > zone 0.4.10.in-addr.arpa. {
>> > primary 127.0.0.1;
>> > key "rndc-key";
>> > }
>> >
>> >
>> > This should coexist peacefully with freeipa, but try to make
>> sure your
>> > DDNS updated zone is say dhcp.example.com
>> <http://dhcp.example.com> rather than a zone you care
>> about.
>> > Consider you have a domain controller called x.example.com
>> <http://x.example.com>, and you
>> > allow DDNS to example.com <http://example.com>. If someone set
>> their hostname to x, they
>> > could take over the DNS records for your DC. Better to have a
>> second
>> > zone to prevent this.
>> >
>> > --
>> > William Brown <william at firstyear.id.au
>> <mailto:william at firstyear.id.au>>
>> >
>> > _______________________________________________
>> > Freeipa-users mailing list
>> > Freeipa-users at redhat.com <mailto:Freeipa-users at redhat.com>
>> > https://www.redhat.com/mailman/listinfo/freeipa-users
>> >
>> > _______________________________________________
>> > Freeipa-users mailing list
>> > Freeipa-users at redhat.com <mailto:Freeipa-users at redhat.com>
>> > https://www.redhat.com/mailman/listinfo/freeipa-users
>>
>>
>> --
>> Thank you,
>> Dmitri Pal
>>
>> Sr. Engineering Manager IdM portfolio
>> Red Hat, Inc.
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com <mailto:Freeipa-users at redhat.com>
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>
>>
>
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140410/92a6e550/attachment.htm>
More information about the Freeipa-users
mailing list