[Freeipa-users] DDNS with DHCPD and IPA

Arthur Fayzullin arthur at deus.pro
Thu Apr 10 04:50:15 UTC 2014


If this
http://www.freeipa.org/page/Howto/ISC_DHCPd_and_Dynamic_DNS_update is it,
then it is really not easy to understand what it is about.
Here, on the mailing list, it was much more understandable.

10.04.2014 00:20, Dmitri Pal wrote:
> On 04/09/2014 11:58 AM, Andy Tomlin wrote:
>> Ok, I added a howto page
>
> Thanks
> Martin, should we link it from the HowTo page?
>>
>>
>> On Fri, Apr 4, 2014 at 5:51 PM, Andy Tomlin <atomlin at engineer.com> wrote:
>>
>>     Remove foot from mouth... sure.
>>
>>     -----Original Message-----
>>     From: freeipa-users-bounces at redhat.com
>>     [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Dmitri Pal
>>     Sent: Friday, April 4, 2014 4:45 PM
>>     To: freeipa-users at redhat.com
>>     Subject: Re: [Freeipa-users] DDNS with DHCPD and IPA
>>
>>     On 04/03/2014 07:50 PM, Andy Tomlin wrote:
>>     > Awesome, adding the grant line with my key (DDNS_UPDATE) did the
>>     > trick. This makes it perform exactly like old config.
>>     >
>>     > Thanks for the help. Someone should put this example in the docs.
>>
>>     Would you mind writing a HowTo on our wiki?
>>
>>     >
>>     > -----Original Message-----
>>     > From: freeipa-users-bounces at redhat.com
>>     > [mailto:freeipa-users-bounces at redhat.com] On Behalf Of William Brown
>>     > Sent: Thursday, April 3, 2014 3:29 PM
>>     > To: freeipa-users at redhat.com
>>     > Subject: Re: [Freeipa-users] DDNS with DHCPD and IPA
>>     >
>>     > On Thu, 2014-04-03 at 11:02 -0700, Andy Tomlin wrote:
>>     >> That would be my preference, would then work the same as bind/dhcpd
>>     >> before switching to ipa. I just don't know how to do it correctly.
>>     >>
>>     >>
>>     > This assumes dhcp and named are on the same system.
>>     >
>>     > For an unrelated project I wrote some docs here:
>>     >
>>     > http://tollgate.readthedocs.org/en/3.0.1/fedora-deploy.html#core-network
>>     >
>>     > And the example config files referenced are:
>>     >
>>     >
>>     https://github.com/micolous/tollgate/tree/master/docs/example/fedora
>>     >
>>     > The important parts are:
>>     >
>>     > rndc-confgen -a -r keyboard -b 256
>>     > chown named:named /etc/rndc.key
>>     >
>>     > In named.conf add after the options section:
>>     >
>>     > include "/etc/rndc.key";
>>     >
>>     > In the zone (In ipa you will need to add this permission)
>>     >
>>     > grant rndc-key wildcard * ANY;
>>     >
>>     > Then in dhcpd:
>>     >
>>     >
>>     > include                 "/etc/rndc.key";
>>     >
>>     > And to the dhcpd range:
>>     >
>>     >
>>     >       zone dhcp.example.lan. {
>>     >               primary 127.0.0.1;
>>     >               key     "rndc-key";
>>     >       }
>>     >
>>     >
>>     >       zone 0.4.10.in-addr.arpa. {
>>     >               primary 127.0.0.1;
>>     >               key "rndc-key";
>>     >       }
>>     >
>>     >
>>     > This should coexist peacefully with freeipa, but try to make sure your
>>     > DDNS updated zone is say dhcp.example.com rather than a zone you care
>>     > about.
>>     > Consider you have a domain controller called x.example.com, and you
>>     > allow DDNS to example.com. If someone set their hostname to x, they
>>     > could take over the DNS records for your DC. Better to have a second
>>     > zone to prevent this.
>>     >
>>     > --
>>     > William Brown <william at firstyear.id.au>
>>     >
>>     > _______________________________________________
>>     > Freeipa-users mailing list
>>     > Freeipa-users at redhat.com <mailto:Freeipa-users at redhat.com>
>>     > https://www.redhat.com/mailman/listinfo/freeipa-users
>>     >
>>
>>
>>     --
>>     Thank you,
>>     Dmitri Pal
>>
>>     Sr. Engineering Manager IdM portfolio
>>     Red Hat, Inc.
>>
>>
>>
>
>
> -- 
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.
>
>
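
Added example (not part of the original thread or of any poster's configuration): a small Python audit of the caveat William Brown raises in the quoted message, checking which protected host names a dynamic-update grant would cover. It uses a simplified model of BIND's update-policy rule types; the zone layouts and the protected-host list are constructed for illustration.

```python
import re

# Simplified model of BIND update-policy matching (an assumption of this
# example): only the rule types handled below are understood, and relative
# names are completed with the zone origin.
GRANT_RE = re.compile(r"grant\s+(\S+)\s+(\S+)\s+([^;\s]+)")


def absolute(name, zone):
    """Return a lower-case absolute name without the trailing dot."""
    name, zone = name.lower(), zone.lower().rstrip(".")
    return name[:-1] if name.endswith(".") else f"{name}.{zone}"


def rule_covers(ruletype, rule_name, target, zone):
    """True if a grant of this type on `zone` lets its key update `target`."""
    zone = zone.lower().rstrip(".")
    target = target.lower().rstrip(".")
    if target != zone and not target.endswith("." + zone):
        return False                      # name is outside this zone
    if ruletype == "zonesub":
        return True                       # whole zone, name field unused
    pattern = absolute(rule_name, zone)
    if ruletype == "name":
        return target == pattern
    if ruletype == "subdomain":
        return target == pattern or target.endswith("." + pattern)
    if ruletype == "wildcard" and pattern.startswith("*."):
        return target.endswith(pattern[1:])
    return False


def audit(zones, protected):
    """zones: {zone: update-policy text}. Returns (zone, key, host) findings."""
    findings = []
    for zone, policy in zones.items():
        for ident, ruletype, name in GRANT_RE.findall(policy):
            for host in protected:
                if rule_covers(ruletype.lower(), name, host, zone):
                    findings.append((zone, ident, host))
    return sorted(findings)


# Constructed sample data: the DC name from the caveat and two zone layouts.
PROTECTED = ["x.example.com"]
SHARED = {"example.com.": "grant rndc-key wildcard * ANY;"}
DEDICATED = {"example.com.": "",
             "dhcp.example.com.": "grant rndc-key wildcard * ANY;"}

if __name__ == "__main__":
    for label, zones in (("shared", SHARED), ("dedicated", DEDICATED)):
        print(label, audit(zones, PROTECTED) or "no protected names exposed")
```

With the grant on the main zone the DC's name is reported as writable by the DHCP key; with the grant confined to the dedicated zone nothing is reported.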
