[Freeipa-users] mixed DNS subnets for FreeIPA and M$ AD

Petr Spacek pspacek at redhat.com
Tue Dec 8 14:08:48 UTC 2015


On 8.12.2015 13:17, Harald Dunkel wrote:
> Hi folks,
> 
> currently I have a DNS domain "example.com" with several
> subdomains "s1.example.com", "s2.example.com", etc. (using
> NIS for IM). DNS server is bind9. There is a special stub zone
> "ws.example.com" provided by AD (including the correct
> TXT DNS records).
> 
> Now I would like to move the Unix part to FreeIPA 4.2
> (using integrated DNS) and to build a trust relationship
> to AD. I just wonder if this is possible without losing
> the top level "example.com" for both DNS and Kerberos
> realm?
> 
> Looking at http://www.freeipa.org/page/Deployment_Recommendations
> I got confused by expressions like "directly overlap" and
> "same DNS zone level". Obviously "ws.example.com" is on
> a different level than "example.com", but do they overlap
> "directly"?

Does

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/prerequisites.html#dns-reqs

and

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/trust-requirements.html#dns-realm-settings

answer your questions?

There are some examples in the second document.

Petr^2 Spacek

> I had the impression that your recommendation is to move
> FreeIPA to "ipa.example.com", but will it still be
> possible to manage the old "s1.example.com", "s2.example.com",
> etc. subdomains in FreeIPA? Will I lose the bind integration?
> 
> 
> Every helpful comment is highly appreciated.
