[Freeipa-users] Using Domain Names
Petr Spacek
pspacek at redhat.com
Mon Mar 2 07:44:06 UTC 2015
On 28.2.2015 04:33, Rob Crittenden wrote:
> Hadoop Solutions wrote:
>> Hi,
>>
>> I am new to IPA and we are planning to deploy IPA on one of our Hadoop
>> cluster nodes.
>>
>> But I have a question on IPA:
>>
>> 1. We are using corp DNS on all nodes, but is it still required to
>> install the IPA DNS server?
>>
>> 2. Will the domain name conflict with any existing domain?
>>
>> ex: Domain name: corp.abc.com
>>
>>
>> Please let me know the right way to install without any conflicts with
>> existing IPA-like tools.
>
> IPA just needs a sane, available DNS server. It doesn't need to own it.
>
> There are some advantages to IPA owning the DNS server but as long as
> you're willing to maintain the records that IPA needs you'll be fine.
>
> If you plan to ever, maybe, even an outside chance want to integrate
> with an AD server via trust you'll want to pick a unique realm for IPA
> and a separate DNS zone (ipa.corp.example.com). Even without AD doing
> that it can still be a good idea.
I would use stronger words: *Never ever* use conflicting DNS names, just
create a new sub-domain.
Conflicts are hard to manage and it will most likely blow up in your face when
DNSSEC validation is enabled (some day in the future).
--
Petr^2 Spacek