[Freeipa-users] IPA Trusts

Erinn Looney-Triggs erinn.looneytriggs at gmail.com
Mon Mar 16 19:16:34 UTC 2015


On Monday, March 16, 2015 09:13:56 PM Alexander Bokovoy wrote:
> On Mon, 16 Mar 2015, Erinn Looney-Triggs wrote:
> >Reading through the RHEL 7.1 documents on setting up a trust between IPA
> >and AD I came across a note that IPA had to be managing DNS in order for
> >this to work. Why is this? Is there any way around this? At this point the
> >DNS IPA would manage is DNSSEC signed and as such can't be managed by IPA,
> >it must be managed separately.
> 
> It is unfortunate that documentation turns recommendations into
> mandatory statements. IPA deployment depends heavily on properly
> configured DNS and we provide means to maintain a DNS server with IPA
> tools. This, however, doesn't mean DNS is required to be maintained by
> IPA only. Instead, a properly maintained DNS setup is required, not that
> it is set up and controlled by IPA means.
> 
> It is easier in many cases to use IPA-managed DNS but if you know what
> you are doing, all we ask is to have proper DNS entries in your DNS
> infrastructure prior to using IPA commands which require these entries
> to exist (or be created, had the DNS infrastructure been managed by
> IPA).

Ok thanks, I sort of figured that was probably the case, but I wanted to check 
to make sure.

-Erinn