[Freeipa-users] AD-trust and external DNS

Petr Spacek pspacek at redhat.com
Wed May 20 10:30:45 UTC 2015


Hello,

please let me correct this:

IPA cares only about correct DNS records. It does not matter if IPA manages
the DNS server or if the server is an external entity - everything will work as
long as all records are in place.

IPA installers should give you a standard zone file which can be added to
existing DNS servers.

On 18.5.2015 16:13, Baird, Josh wrote:
> You should add your IPA zone as a slave on your 'external' DNS servers so they are able to resolve the IPA zone.

If you decide to use IPA DNS then you *most importantly* need to add proper NS
records to the parent zone to ensure that DNS delegation is correct.

Slave zones are just 'nice to have' for improved resiliency but they should
never be used instead of proper NS records.

Let me know if you are interested in some other details.

Petr^2 Spacek

> Josh
> 
> From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Winfried de Heiden
> Sent: Monday, May 18, 2015 10:10 AM
> To: Freeipa-users
> Subject: [Freeipa-users] AD-trust and external DNS
> 
> Hi all,
> 
> Creating an AD-trust works nicely. However, for some customers both AD and IPA don't have DNS "for their own", they use external DNS (Infoblox for example).
> 
> Now, is it possible to create an AD trust without a built-in (bind) IPA-DNS?
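
An added example, not part of the original message or of FreeIPA: a Python check that a parent zone file really delegates the IPA subdomain through NS records (with glue), which is the requirement the reply above stresses over slave zones. The zone names, addresses and function names are constructed for illustration, and the parser assumes one record per line with an explicit owner and class.

```python
# Constructed parent zone (example.com) delegating ipa.example.com; not from the thread.
PARENT_ZONE = """\
$ORIGIN example.com.
@        IN SOA ns1.example.com. hostmaster.example.com. 1 3600 900 604800 3600
@        IN NS  ns1.example.com.
ns1      IN A   192.0.2.1
ipa      IN NS  ipa1.ipa.example.com.
ipa      IN NS  ipa2.ipa.example.com.
ipa1.ipa IN A   192.0.2.10
"""

def absolute(name, origin):
    """Make a zone-file name absolute and lowercase."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin

def parse_zone(text):
    """Return (owner, type, rdata) tuples; simplified parser (assumption: no multi-line records)."""
    origin, records = ".", []
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1].lower()
            continue
        cls = fields.index("IN")  # a TTL may sit between owner and class
        rtype, rdata = fields[cls + 1].upper(), fields[cls + 2]
        if rtype == "NS":
            rdata = absolute(rdata, origin)
        records.append((absolute(fields[0], origin), rtype, rdata))
    return records

def check_delegation(records, child):
    """List problems with the parent zone's delegation of `child`."""
    child = child.lower().rstrip(".") + "."
    ns_targets = [r for o, t, r in records if o == child and t == "NS"]
    if not ns_targets:
        return [f"no NS records for {child} in parent zone: not delegated"]
    addrs = {o for o, t, _ in records if t in ("A", "AAAA")}
    # A name server inside the delegated zone needs a glue address in the parent.
    return [f"missing glue A/AAAA for {ns}" for ns in ns_targets
            if ns.endswith("." + child) and ns not in addrs]

if __name__ == "__main__":
    for problem in check_delegation(parse_zone(PARENT_ZONE), "ipa.example.com"):
        print(problem)
```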
