[Freeipa-users] External DNS

Jakub Hrozek jhrozek at redhat.com
Sun May 10 16:53:47 UTC 2015


On Thu, May 07, 2015 at 01:07:58PM -0400, Dmitri Pal wrote:
> On 05/07/2015 04:37 AM, Petr Spacek wrote:
> >On 7.5.2015 09:31, Winfried de Heiden wrote:
> >>Hi all,
> >>
> >>  One of the nice FreeIPA features is a host will be added to DNS
> >>automatically when the client is installed. However, in some situations
> >>using another, external, DNS server is preferred. Now, this is possible but
> >>hosts have to be added manually to this other DNS-server.
> >>
> >>  Is it possible to handle DNS records by IPA on an external DNS server? Any
> >>future plans for this?
> >This automatic update is handled by SSSD and uses standard DNS update
> >protocol. I.e. it should work as long as your 'external' DNS server is
> >configured to accept updates from clients.
> 
> This is the update not the creation.
> Will the update create both A/AAAA and PTR record?

It should also create the record (although I haven't tested right now).

SSSD would so far only create the address family that is used to connect
to the server. We have an RFE open to update both:
    https://fedorahosted.org/sssd/ticket/2120
and also update the address on startup, not on going offline, which
might be too late in some cases:
    https://fedorahosted.org/sssd/ticket/1926

But what I see as a potentially more important blocker is that SSSD
always uses the GSSAPI credentials of the joined realm. If the external
DNS server requires different authentication, the update wouldn't
succeed.

> I thought that it will just update IP but not create these records.
> If I am correct then the question is valid and we need to have a way to
> create entries in an external data store.
> 
> Sounds like another use case for the notification system.
> And for that we do not have firm plans yet but we are collecting the use
> cases to justify the effort.
> Martin, do you think it is worth opening a ticket?
> 
> >Please refer to the documentation for your DNS server for further information and
> >let us know if you encounter some problem.
> >
> >Have a nice day!
> >
> 
> 
> -- 
> Thank you,
> Dmitri Pal
> 
> Director of Engineering for IdM portfolio
> Red Hat, Inc.

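Added example, not part of the original thread and not SSSD's own code: a standard DNS update of the kind discussed above, built by hand for both address families plus the IPv4 PTR record and signed with GSS-TSIG. The server name, host name, addresses, TTL, keytab path and principal are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. All hosts and addresses are constructed.

# Reverse-lookup owner name for an IPv4 address:
# 192.0.2.10 -> 10.2.0.192.in-addr.arpa.
ptr_name() {
    echo "$1" | awk -F. '{ printf "%s.%s.%s.%s.in-addr.arpa.\n", $4, $3, $2, $1 }'
}

# build_update SERVER FQDN TTL ADDR...
# Prints nsupdate commands that replace the A/AAAA records of FQDN with the
# given addresses and, for each IPv4 address, its PTR record. Forward and
# reverse names live in different zones, so each goes in its own "send".
build_update() {
    server=$1; fqdn=$2; ttl=$3; shift 3
    echo "server $server"
    echo "update delete $fqdn. A"
    echo "update delete $fqdn. AAAA"
    for addr in "$@"; do
        case $addr in
            *:*) echo "update add $fqdn. $ttl AAAA $addr" ;;
            *)   echo "update add $fqdn. $ttl A $addr" ;;
        esac
    done
    echo "send"
    for addr in "$@"; do
        case $addr in
            *:*) ;;  # IPv6 PTR (ip6.arpa) omitted to keep the example short
            *)   ptr=$(ptr_name "$addr")
                 echo "update delete $ptr PTR"
                 echo "update add $ptr $ttl PTR $fqdn."
                 echo "send" ;;
        esac
    done
}

# send_update SERVER FQDN TTL ADDR...
# Signs the batch with GSS-TSIG (nsupdate -g) using the host's Kerberos
# credentials. Keytab path and principal name are assumptions.
send_update() {
    kinit -k -t /etc/krb5.keytab "host/$2" || return 1
    build_update "$@" | nsupdate -g
}

# Dry run: show what would be sent, without contacting any server.
build_update dns1.example.net client1.example.com 1200 192.0.2.10 2001:db8::10
```

send_update only succeeds when the external DNS server accepts tickets from the client's realm and its update policy allows the host to change these names; otherwise the signed update is refused, which is the blocker described in the message above.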