[Freeipa-users] DNS migration from AD to freeIPA managed DNS

Petr Spacek pspacek at redhat.com
Tue Jul 22 15:01:18 UTC 2014


On 22.7.2014 15:33, Shashi M wrote:
> I am looking for some help on DNS configuration migration from AD to FreeIPA.
>
> I am planning to implement AD trust in my current freeIPA setup which is
> currently having AD-IPA one way sync.
>
> New setup, I would also like to manage the DNS through IPA. Currently unix
> DNS is hosted on Windows AD servers. I will have to import all the existing
> DNS records in freeIPA.
>
> Is it possible to configure freeIPA DNS service as secondary (slave) to
> existing AD DNS servers?
>
> My planned approach to migrate DNS is as below
>
> - Setup new IPA servers with DNS for unix.example.com domain....
> - Allow zone transfer from AD to freeIPA to populate freeIPA DNS servers
> - Promote freeIPA as primary DNS server and make AD as secondary DNS

FreeIPA cannot be slave of another DNS server (yet :-). You have the option to 
use normal zone transfer, convert data from zone file to LDIF and import the 
LDIF directly to LDAP.

See https://fedorahosted.org/bind-dyndb-ldap/wiki/Migration and let us know if 
you need any assistance.

After that you will see all the data in FreeIPA user interface and all FreeIPA 
servers will serve the same copy of the data.

> Is this achievable with freeIPA currently? If not, is it possible to have
> bind 9 installed on freeIPA server and still DNS be managed by freeIPA?

FreeIPA uses BIND 9 for its DNS but all data managed by FreeIPA have to be in 
LDAP, not in master files. Anyway, the conversion procedure linked above is 
pretty straightforward.

Have a nice day!

-- 
Petr^2 Spacek
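
An added example, not part of the original post or of the linked wiki page: a sketch of the "zone transfer, convert to LDIF" step for records below the zone apex, using the bind-dyndb-ldap `idnsRecord` object class. The LDAP suffix `dc=example,dc=com`, the zone entry DN and the allow-list of record types are assumptions; the zone entry itself is assumed to exist already in FreeIPA, and the AXFR text is a constructed sample.

```python
import base64
# Assumptions (not from the post): LDAP suffix, zone entry DN, allowed types.
ZONE = "unix.example.com."
ZONE_DN = "idnsName=unix.example.com,cn=dns,dc=example,dc=com"
ALLOWED = {"A", "AAAA", "CNAME", "MX", "PTR", "SRV", "TXT"}

# Constructed sample of `dig axfr` output, embedded so the script runs offline.
SAMPLE_AXFR = """\
unix.example.com. 3600 IN SOA dc1.example.com. hostmaster.example.com. 42 900 600 86400 3600
web1.unix.example.com. 1200 IN A 192.0.2.10
web1.unix.example.com. 1200 IN AAAA 2001:db8::10
_ldap._tcp.unix.example.com. 600 IN SRV 0 100 389 ipa1.unix.example.com.
note.unix.example.com. 3600 IN TXT "caf\u00e9"
host.other.example.net. 3600 IN A 192.0.2.99
"""

def ldif_line(attr, value):
    """Format one LDIF line, base64-encoding values that are not LDIF-safe."""
    unsafe = (not value.isascii() or value[:1] in (" ", ":", "<")
              or value.endswith(" ") or any(c in value for c in "\r\n\0"))
    if unsafe:
        return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode()}"
    return f"{attr}: {value}"

def axfr_to_ldif(axfr_text):
    """Return (ldif_text, skipped_lines) for records below the apex of ZONE."""
    names, skipped = {}, []
    for line in (l.strip() for l in axfr_text.splitlines()):
        if not line or line.startswith(";"):
            continue
        parts = line.split(None, 4)
        owner = parts[0].lower()
        # Apex, out-of-zone, non-IN and unlisted-type records go to manual review.
        if (len(parts) < 5 or parts[2] != "IN" or parts[3] not in ALLOWED
                or not parts[1].isdigit() or not owner.endswith("." + ZONE)):
            skipped.append(line)
            continue
        rel = owner[: -len("." + ZONE)]
        names.setdefault(rel, [parts[1]]).append((parts[3], parts[4]))
    out = []
    for rel, (ttl, *records) in names.items():
        rdn = "".join("\\" + c if c in ',+"\\<>;=' else c for c in rel)
        out += [ldif_line("dn", f"idnsName={rdn},{ZONE_DN}"), "changetype: add",
                "objectClass: top", "objectClass: idnsRecord",
                ldif_line("idnsName", rel), ldif_line("dNSTTL", ttl)]
        # LDAP attribute names are case-insensitive: AAAARecord == aAAARecord.
        out += [ldif_line(f"{t}Record", rdata) for t, rdata in records]
        out.append("")
    return "\n".join(out), skipped
```

`axfr_to_ldif(SAMPLE_AXFR)` returns the LDIF text plus the lines it refused to convert; reviewing that second list before loading the LDIF (for example with `ldapmodify`) keeps out-of-zone or unexpected records from the transfer out of the directory.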
