[Freeipa-users] Re: Integrated DNS - best solution to unique domain
As is often the case, ours was an operational experience decision - we already had a DNS which was already managed by my team.

All the best
Angus

From: Daniel PC via FreeIPA-users
Sent: 16 January 2020 16:19
To: freeipa-users@lists.fedorahosted.org
Cc: Daniel PC
Subject: [Freeipa-users] Re: Integrated DNS - best solution to unique domain

Ok, but I'm thinking of this: "there is tight integration between DNS and native IdM tools which enables automating some of the DNS record management". Your choice is not a bad idea but my first option is to use IdM DNS integrated.

Thank you

___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
[Freeipa-users] Re: Integrated DNS - best solution to unique domain
Jones, Bob (rwj5d) via FreeIPA-users wrote:
> We implemented Red Hat IDM with completely external DNS. You just need to
> make sure the correct DNS entries are in place and everything works fine.

Yep. The warning in the documentation is because not every single possible DNS record is supported and some use cases, like views, are not implemented.

The common record types are there, A, , CNAME, PTR, SRV, TXT, etc. It is built on top of bind after all.

It might be worth a few test installs to see if it will do what you want. It can be convenient to use the IPA DNS as some things can be automated more easily (like clients registering themselves to DNS when they enroll).

rob

> —
> Bob Jones
> Lead Linux Services Engineer
> ITS ECP - Linux Services
>
>> On Jan 16, 2020, at 10:03 AM, Daniel PC via FreeIPA-users
>> wrote:
>>
>> Hi,
>>
>> Red Hat strongly recommends IdM-integrated DNS for basic usage within the
>> IdM deployment but at the same time declares "It does not support
>> some of the advanced DNS features" and must be used only for IdM purposes.
>>
>> I have a DNS for a domain that resolves names to Linux hostnames, VIPs,
>> application names, databases scan, and more.
>> From my understanding, IdM must resolve DNS only for hostnames. Other
>> services should be delegated to a true DNS server.
>>
>> I understand that it's not normal the use of two DNS for one domain, but in
>> my case how can I build my DNS system?
>> Any advice?
>>
>> Thank you
>>
>> DC
[Freeipa-users] Re: Integrated DNS - best solution to unique domain
We use FreeIPA as our DNS masters and have plain bind servers slaving off of them. As far as missing features, the only thing we had to give up was DNS views but we were never using them anyway and they're generally discouraged.
[Freeipa-users] Re: Integrated DNS - best solution to unique domain
Ok, but I'm thinking of this: "there is tight integration between DNS and native IdM tools which enables automating some of the DNS record management". Your choice is not a bad idea but my first option is to use IdM DNS integrated.

Thank you
[Freeipa-users] Re: Integrated DNS - best solution to unique domain
We implemented Red Hat IDM with completely external DNS. You just need to make sure the correct DNS entries are in place and everything works fine.

—
Bob Jones
Lead Linux Services Engineer
ITS ECP - Linux Services

> On Jan 16, 2020, at 10:03 AM, Daniel PC via FreeIPA-users
> wrote:
>
> Hi,
>
> Red Hat strongly recommends IdM-integrated DNS for basic usage within the IdM
> deployment but at the same time declares "It does not support
> some of the advanced DNS features" and must be used only for IdM purposes.
>
> I have a DNS for a domain that resolves names to Linux hostnames, VIPs,
> application names, databases scan, and more.
> From my understanding, IdM must resolve DNS only for hostnames. Other
> services should be delegated to a true DNS server.
>
> I understand that it's not normal the use of two DNS for one domain, but in
> my case how can I build my DNS system?
> Any advice?
>
> Thank you
>
> DC
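The reply above says external DNS works as long as the correct entries are in place. As an added example (not part of the thread and not FreeIPA code), this audits exported zone data for the service records IdM clients use for discovery, and flags any SRV target that is not one of your IdM servers, since such a record would send Kerberos or LDAP traffic to the wrong host. The zone `example.test`, the realm, the host names and the function names are assumptions; input lines are assumed to be in the full `owner TTL IN TYPE rdata` form.

```python
REQUIRED_SRV = {  # owner names and ports FreeIPA publishes in its own zones
    "_ldap._tcp": 389, "_kerberos._tcp": 88, "_kerberos._udp": 88,
    "_kerberos-master._tcp": 88, "_kerberos-master._udp": 88,
    "_kpasswd._tcp": 464, "_kpasswd._udp": 464}

def parse_zone(text, origin):
    """Parse 'owner TTL IN TYPE rdata...' lines into (owner, type, rdata fields)."""
    suffix = "." + origin.rstrip(".").lower()
    records = []
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()
        if len(fields) < 5:
            continue  # blank line, comment or directive
        owner = fields[0].rstrip(".").lower()
        if owner.endswith(suffix):
            owner = owner[: -len(suffix)]  # make the owner relative to the zone
        records.append((owner, fields[3].upper(), fields[4:]))
    return records

def audit(text, origin, realm, servers):
    """Return a list of problems; an empty list means the records are in place."""
    records = parse_zone(text, origin)
    known = {s.rstrip(".").lower() for s in servers}
    problems = []
    for owner, port in REQUIRED_SRV.items():
        srv = [r[2] for r in records if r[0] == owner and r[1] == "SRV" and len(r[2]) == 4]
        if not srv:
            problems.append(f"missing SRV {owner}")
        for _prio, _weight, rport, target in srv:
            if rport != str(port):
                problems.append(f"wrong port on {owner}: {rport}")
            if target.rstrip(".").lower() not in known:
                problems.append(f"{owner} points at non-IdM host {target}")
    if not any(r[:2] == ("_kerberos", "TXT") and r[2] == [f'"{realm}"'] for r in records):
        problems.append("missing TXT _kerberos carrying the realm name")
    if not any(r[0] == "ipa-ca" and r[1] in ("A", "AAAA") for r in records):
        problems.append("missing A/AAAA ipa-ca")
    return problems

# Constructed sample zone data (example.test, ipa1 and oldkdc are made up).
SAMPLE_ZONE = """\
_ldap._tcp.example.test. 86400 IN SRV 0 100 389 ipa1.example.test.
_kerberos._tcp.example.test. 86400 IN SRV 0 100 88 ipa1.example.test.
_kerberos._udp.example.test. 86400 IN SRV 0 100 88 ipa1.example.test.
_kerberos-master._tcp.example.test. 86400 IN SRV 0 100 88 ipa1.example.test.
_kerberos-master._udp.example.test. 86400 IN SRV 0 100 88 ipa1.example.test.
_kpasswd._tcp.example.test. 86400 IN SRV 0 100 464 oldkdc.example.test.
_kerberos.example.test. 86400 IN TXT "EXAMPLE.TEST"
"""
```

On an IdM server, `ipa dns-update-system-records --dry-run` prints the records that deployment expects, which is the list to compare the external zone against.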