[Freeipa-users] mixed DNS subnets for FreeIPA and M$ AD
Harald Dunkel
harald.dunkel at aixigo.de
Tue Dec 8 12:17:58 UTC 2015
Hi folks,
currently I have a DNS domain "example.com" with several
subdomains "s1.example.com", "s2.example.com", etc. (using
NIS for IM). DNServer is bind9. There is a special stub zone
"ws.example.com" provided by AD (including the correct
TXT DNS records).
Now I would like to move the Unix part to FreeIPA 4.2
(using integrated DNS) and to build a trust relationship
to AD. I just wonder if this is possible without loosing
the top level "example.com" for both DNS and Kerberos
realm?
Looking at http://www.freeipa.org/page/Deployment_Recommendations
I got confused by expressions like "directly overlap" and
"same DNS zone level". Obviously "ws.example.com" is on
a different level than "example.com", but do they overlap
"directly"?
I had the impression that your recommendation is to move
FreeIPA to "ipa.example.com", but will it still be
possible to manage the old "s1.example.com", "s2.example.com",
etc. subdomains in FreeIPA? Will I loose the bind integration?
Every helpful comment is highly appreciated.
Harri
More information about the Freeipa-users
mailing list