<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    If this
    <a class="moz-txt-link-freetext" href="http://www.freeipa.org/page/Howto/ISC_DHCPd_and_Dynamic_DNS_update">http://www.freeipa.org/page/Howto/ISC_DHCPd_and_Dynamic_DNS_update</a>
    is it,<br>
    then it is not quite easy to understand what it is about.<br>
    Here, on the mailing list, it was much more understandable.<br>
    <br>
    <div class="moz-cite-prefix">10.04.2014 00:20, Dmitri Pal wrote:<br>
    </div>
    <blockquote cite="mid:53458F51.7030001@redhat.com" type="cite">
      <meta content="text/html; charset=ISO-8859-1"
        http-equiv="Content-Type">
      <div class="moz-cite-prefix">On 04/09/2014 11:58 AM, Andy Tomlin
        wrote:<br>
      </div>
      <blockquote
cite="mid:CAF4MyDZ-RF3HpeeTk0DGGosDpUaXLPw-mE-v-e0d9e0JYpjoVQ@mail.gmail.com"
        type="cite">
        <div dir="ltr">Ok, I added a howto page</div>
      </blockquote>
      <br>
      Thanks<br>
      Martin, should we link it from the HowTo page?<br>
      <blockquote
cite="mid:CAF4MyDZ-RF3HpeeTk0DGGosDpUaXLPw-mE-v-e0d9e0JYpjoVQ@mail.gmail.com"
        type="cite">
        <div class="gmail_extra"><br>
          <br>
          <div class="gmail_quote">On Fri, Apr 4, 2014 at 5:51 PM, Andy
            Tomlin <span dir="ltr">&lt;<a moz-do-not-send="true"
                href="mailto:atomlin@engineer.com" target="_blank">atomlin@engineer.com</a>&gt;</span>
            wrote:<br>
            <blockquote class="gmail_quote" style="margin:0 0 0
              .8ex;border-left:1px #ccc solid;padding-left:1ex">Remove
              foot from mouth... sure.<br>
              <div class="HOEnZb">
                <div class="h5"><br>
                  -----Original Message-----<br>
                  From: <a moz-do-not-send="true"
                    href="mailto:freeipa-users-bounces@redhat.com">freeipa-users-bounces@redhat.com</a><br>
                  [mailto:<a moz-do-not-send="true"
                    href="mailto:freeipa-users-bounces@redhat.com">freeipa-users-bounces@redhat.com</a>]
                  On Behalf Of Dmitri Pal<br>
                  Sent: Friday, April 4, 2014 4:45 PM<br>
                  To: <a moz-do-not-send="true"
                    href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a><br>
                  Subject: Re: [Freeipa-users] DDNS with DHCPD and IPA<br>
                  <br>
                  On 04/03/2014 07:50 PM, Andy Tomlin wrote:<br>
                  > Awesome, adding the grant line with my key
                  (DDNS_UPDATE) did the<br>
                  > trick. This makes it perform exactly like old
                  config.<br>
                  ><br>
                  > Thanks for the help. Someone should put this
                  example in the docs.<br>
                  <br>
                  Would you mind writing a HowTo on our wiki?<br>
                  <br>
                  ><br>
                  > -----Original Message-----<br>
                  > From: <a moz-do-not-send="true"
                    href="mailto:freeipa-users-bounces@redhat.com">freeipa-users-bounces@redhat.com</a><br>
                  > [mailto:<a moz-do-not-send="true"
                    href="mailto:freeipa-users-bounces@redhat.com">freeipa-users-bounces@redhat.com</a>]
                  On Behalf Of William Brown<br>
                  > Sent: Thursday, April 3, 2014 3:29 PM<br>
                  > To: <a moz-do-not-send="true"
                    href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a><br>
                  > Subject: Re: [Freeipa-users] DDNS with DHCPD and
                  IPA<br>
                  ><br>
                  > On Thu, 2014-04-03 at 11:02 -0700, Andy Tomlin
                  wrote:<br>
                  >> That would be my preference, would then work
                  same as bind/dhcpd<br>
                  >> before switching to ipa. I just don't know how
                  to do it correctly.<br>
                  >><br>
                  >><br>
                  > This assumes dhcp and named are on the same
                  system.<br>
                  ><br>
                  > For an unrelated project I wrote some docs here:<br>
                  ><br>
                  > <a moz-do-not-send="true"
href="http://tollgate.readthedocs.org/en/3.0.1/fedora-deploy.html#core-network"
                    target="_blank">http://tollgate.readthedocs.org/en/3.0.1/fedora-deploy.html#core-network</a><br>
                  ><br>
                  > And the example config files referenced are:<br>
                  ><br>
                  > <a moz-do-not-send="true"
href="https://github.com/micolous/tollgate/tree/master/docs/example/fedora"
                    target="_blank">https://github.com/micolous/tollgate/tree/master/docs/example/fedora</a><br>
                  ><br>
                  > The important parts are:<br>
                  ><br>
                  > rndc-confgen -a -r keyboard -b 256<br>
                  > chown named:named /etc/rndc.key<br>
                  ><br>
                  > In named.conf add after the options section:<br>
                  ><br>
                  > include "/etc/rndc.key";<br>
                  ><br>
                  > In the zone (In ipa you will need to add this
                  permission)<br>
                  ><br>
                  > grant rndc-key wildcard * ANY;<br>
                  ><br>
                  > Then in dhcpd:<br>
                  ><br>
                  ><br>
                  > include                 "/etc/rndc.key";<br>
                  ><br>
                  > And to the dhcpd range:<br>
                  ><br>
                  ><br>
                  >       zone dhcp.example.lan. {<br>
                  >               primary 127.0.0.1;<br>
                  >               key     "rndc-key";<br>
                  >       }<br>
                  ><br>
                  ><br>
                  >       zone 0.4.10.in-addr.arpa. {<br>
                  >               primary 127.0.0.1;<br>
                  >               key "rndc-key";<br>
                  >       }<br>
                  ><br>
                  ><br>
                  > This should coexist peacefully with freeipa, but
                  try to make sure your<br>
                  > DDNS updated zone is say <a
                    moz-do-not-send="true"
                    href="http://dhcp.example.com" target="_blank">dhcp.example.com</a>
                  rather than a zone you care about.<br>
                  > Consider you have a domain controller called <a
                    moz-do-not-send="true" href="http://x.example.com"
                    target="_blank">x.example.com</a>, and you<br>
                  > allow DDNS to <a moz-do-not-send="true"
                    href="http://example.com" target="_blank">example.com</a>.
                  If someone set their hostname to x, they<br>
                  > could take over the DNS records for your DC.
                  Better to have a second<br>
                  > zone to prevent this.<br>
                  ><br>
                  > --<br>
                  > William Brown &lt;<a moz-do-not-send="true"
                    href="mailto:william@firstyear.id.au">william@firstyear.id.au</a>&gt;<br>
                  ><br>
                  > _______________________________________________<br>
                  > Freeipa-users mailing list<br>
                  > <a moz-do-not-send="true"
                    href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a><br>
                  > <a moz-do-not-send="true"
                    href="https://www.redhat.com/mailman/listinfo/freeipa-users"
                    target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br>
                  ><br>
                  <br>
                  <br>
                  --<br>
                  Thank you,<br>
                  Dmitri Pal<br>
                  <br>
                  Sr. Engineering Manager IdM portfolio<br>
                  Red Hat, Inc.<br>
                  <br>
                  <br>
                </div>
              </div>
            </blockquote>
          </div>
          <br>
        </div>
      </blockquote>
      <br>
      <br>
      <pre class="moz-signature" cols="72">-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.</pre>
      <br>
    </blockquote>
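    <p>Added example, not part of the original thread or of the FreeIPA wiki: a small audit of the zone-separation advice quoted above, listing which protected host names sit in a zone that DHCP-driven updates may write to. The zone and host names are constructed, the helper names are hypothetical, and it assumes every DDNS zone carries a policy like the thread's <code>grant rndc-key wildcard * ANY;</code>, treated here as making any name in that zone writable.</p>

```python
# Added example: all zone and host names below are constructed.

def labels(name):
    """Split a DNS name into lower-cased labels, ignoring a trailing dot."""
    return [part for part in name.lower().rstrip(".").split(".") if part]

def in_zone(fqdn, zone):
    """True if fqdn is at or below zone, compared on label boundaries."""
    f, z = labels(fqdn), labels(zone)
    return len(f) >= len(z) and f[len(f) - len(z):] == z

def owning_zone(fqdn, zones):
    """Most specific configured zone that contains fqdn, or None."""
    matches = [z for z in zones if in_zone(fqdn, z)]
    return max(matches, key=lambda z: len(labels(z)), default=None)

def exposed_records(ddns_zones, all_zones, protected_fqdns):
    """Protected names whose owning zone accepts DHCP-driven updates.

    Assumption: the key used by dhcpd may update any name in a DDNS zone.
    """
    ddns = {".".join(labels(z)) for z in ddns_zones}
    hits = []
    for fqdn in protected_fqdns:
        zone = owning_zone(fqdn, all_zones)
        if zone is not None and ".".join(labels(zone)) in ddns:
            hits.append(fqdn)
    return hits

# Constructed inventory: the parent zone and a dedicated DHCP child zone.
ALL_ZONES = ["example.com.", "dhcp.example.com."]
PROTECTED = ["x.example.com", "ipa1.example.com."]

if __name__ == "__main__":
    # DDNS granted on the parent zone: both protected names are writable.
    print(exposed_records(["example.com"], ALL_ZONES, PROTECTED))
    # DDNS confined to the dedicated child zone: nothing protected is writable.
    print(exposed_records(["dhcp.example.com."], ALL_ZONES, PROTECTED))
```
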
    <br>
  </body>
</html>