[Freeipa-users] IPA Trusts

Alexander Bokovoy abokovoy at redhat.com
Mon Mar 16 19:13:56 UTC 2015


On Mon, 16 Mar 2015, Erinn Looney-Triggs wrote:
>Reading through the RHEL 7.1 documents on setting up a trust between IPA and
>AD I came across a note that IPA had to be managing DNS in order for this to
>work. Why is this? Is there any way around this? At this point the DNS IPA
>would manage is DNSSEC signed and as such can't be managed by IPA, it must be
>managed separately.

It is unfortunate that documentation turns recommendations into
mandatory statements. IPA deployment depends heavily on properly
configured DNS and we provide means to maintain a DNS server with IPA
tools. This, however, doesn't mean DNS is required to be maintained by
IPA only. Instead, a properly maintained DNS setup is required, not that
it is set up and controlled by IPA means.

It is easier in many cases to use IPA-managed DNS but if you know what
you are doing, all we ask is to have proper DNS entries in your DNS
infrastructure prior to using IPA commands which require these entries
to exist (or be created, had the DNS infrastructure been managed by
IPA).

-- 
/ Alexander Bokovoy
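
Added example, not part of the reply above and not FreeIPA code: a pre-flight check that an externally managed zone already carries the SRV records before IPA trust commands are run. The label list is an assumption (records typically needed for IPA with an AD trust), and the `ipa.example.test` zone data is constructed.

```shell
#!/bin/sh
# Assumed label list: typical IPA + AD trust SRV records. Compare it with the
# records the IPA installer reports for your version before relying on it.
REQUIRED_SRV_LABELS="_ldap._tcp _kerberos._tcp _kerberos._udp
_ldap._tcp.dc._msdcs _kerberos._tcp.dc._msdcs _kerberos._udp.dc._msdcs"

# missing_srv DOMAIN FILE
# FILE holds records as "owner TTL class type rdata", one per line, for example
# the answers collected with: dig +noall +answer SRV <name>
# Prints every required owner name that has no SRV record; returns 1 if any.
missing_srv() {
    domain=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    file=$2
    # Owner names with at least one SRV record, lowercased, trailing dot removed.
    present=$(awk 'toupper($4) == "SRV" { n = tolower($1); sub(/\.$/, "", n); print n }' "$file" | sort -u)
    rc=0
    for label in $REQUIRED_SRV_LABELS; do
        fqdn="$label.${domain%.}"
        if ! printf '%s\n' "$present" | grep -Fqx "$fqdn"; then
            printf '%s\n' "$fqdn"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample data: one required record is absent, and the A record
# must not be counted as an SRV record.
sample_zone() {
    cat <<'EOF'
_ldap._tcp.ipa.example.test. 86400 IN SRV 0 100 389 ipa1.ipa.example.test.
_kerberos._tcp.ipa.example.test. 86400 IN SRV 0 100 88 ipa1.ipa.example.test.
_kerberos._udp.ipa.example.test. 86400 IN SRV 0 100 88 ipa1.ipa.example.test.
_LDAP._tcp.dc._msdcs.ipa.example.test. 86400 IN SRV 0 100 389 ipa1.ipa.example.test.
_kerberos._tcp.dc._msdcs.ipa.example.test. 86400 IN SRV 0 100 88 ipa1.ipa.example.test.
ipa1.ipa.example.test. 86400 IN A 192.0.2.10
EOF
}

# Stand-alone use: sh check_srv.sh DOMAIN FILE
if [ $# -eq 2 ]; then
    missing_srv "$1" "$2"
fi
```

A non-empty output (exit status 1) names the records to add to the external DNS infrastructure first.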