[Freeipa-users] Freeipa and dns
Dmitri Pal
dpal at redhat.com
Thu Mar 5 22:03:52 UTC 2015
On 03/05/2015 12:41 PM, Andrew Holway wrote:
> Hello,
>
> We're working on a plan to spin up a bunch of private networks around
> the globe and we would like to use freeipa as our domain controller.
>
> I'm trying to work out how we do DNS. Actually, more specifically,
> making sure that hosts are authenticating against its local freeipa.
> Each regional domain controller should be replicating with the other
> regional domain controllers however how do we tell machines in the US
> to auth against the US freeipa and the EU machines to auth against the
> EU freeipa.
>
> If we point the DNS in our machines to the US freeipa will that
> freeipa respond with SRV records for itself?
FreeIPA does not support DNS sites yet.
https://fedorahosted.org/freeipa/ticket/2008
https://fedorahosted.org/bind-dyndb-ldap/ticket/126
<https://fedorahosted.org/bind-dyndb-ldap/ticket/126#>
It is in plans for the next release but as a stretch goal.
For now the work around would be to have an explicit set of servers
configured on the clients. You will loose a bit of agility if you plan
to deploy replicas dynamically but if you do not plan to do that static
server list might be a work around for now.
>
> Thanks,
>
> Andrew
>
>
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150305/0cc1247c/attachment.htm>
More information about the Freeipa-users
mailing list