[Pdns-users] pdns << free-ipa with external dns
stancs3
scruise56 at gmail.com
Thu Feb 23 03:25:58 UTC 2017
This starts as a free-ipa subject but ends in a pdns question, with
some in-addr.arpa delegation mysteries.
I am setting up free-ipa with an *external* dns server,
ns1.example.com.
(ref: Red_Hat_Enterprise_Linux-7-
Linux_Domain_Identity_Authentication_and_Policy_Guide-en-US.pdf;
Section 2.3.4 Installing a Server Without Integrated DNS)
I installed all records using poweradmin.
RHEL7 documentation indicates to:
a) create a subdomain on the external dns server for the host on which
free-ipa is installed.
To this end I assumed that the records required are:
in master zone: example.com
ipa.example.com NS ns7.ipa.example.com
ns7.ipa.example.com A 192.168.1.15 #glue
in native zone: 1.168.192.in-addr.arpa:
15.1.168.192.in-addr.arpa PTR ns7.ipa.example.com
**And not required is the delegation of any in-addr.arpa zones, because I
am not delegating the management of dns to the ipa host (noted
above).**
b_1) on host ns7.ipa.example.com on which free-ipa is installed, be
able to dig the fqdn of the host and receive its ip address.
b_2) on host ns7.ipa.example.com on which free-ipa is installed, be
able to dig the ip address of ns7.ipa.example.com, and receive the fqdn
of host ns7.ipa.example.com.
With the records installed as in a) above, I can do b_1) and b_2).
c) So I proceeded with the free-ipa install. It worked smoothly.
d) Then I added all the SRV records that free-ipa provides from the
install.
These I entered into the master zone: example.com.
>> free-ipa appears to work! But it's just a start; no clients yet.
My questions:
1. Is my placement of records in the master zones of example.com
correct? .....
2. Instead of creating a new master subdomain zone of ipa.example.com;
but would that be correct, or just for convenience?
3. Forward and reverse dig works on ns7.ipa.example.com so the free-ipa
installer was happy. But am I missing something regarding the
delegation?
4. My references are the RHEL7 ref above, DNS and BIND Cookbook, Zytrax dns
for rocket scientists, and Adamw's 'happyassassin' blog of 2013:
"Where's my FreeIPA badge?".
With the exception of Adamw, all references and other blogs get mired
deeply in delegation of in-addr.arpa zones, CNAMES, etc. I don't think
I care because I am retaining dns management in example.com. I am not
delegating ip ranges for management by free-ipa.
Is my assessment true?
5. I guess I am suspicious that free-ipa installed so easily; I don't
want to get way downstream and then find out that dns was a mess to
begin with.
Cheers,
Stan
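A small consistency check over the record set Stan describes in a) and d), added here as an illustration (it is not part of the message and not PowerDNS or FreeIPA code): it confirms that an NS target inside the delegated name has glue, that SRV targets have an A record, and that every A record has a PTR pointing back to the same name. The "owner TYPE rdata" text format and the record values are assumed for the example.

```python
import ipaddress

# Constructed sample in an assumed "owner TYPE rdata" format, mirroring the
# records the post lists (NS + glue in example.com, PTR in 1.168.192.in-addr.arpa,
# one of the FreeIPA SRV records). Absolute names with a trailing dot.
POSTED_RECORDS = """
ipa.example.com.            NS   ns7.ipa.example.com.
ns7.ipa.example.com.        A    192.168.1.15
15.1.168.192.in-addr.arpa.  PTR  ns7.ipa.example.com.
_ldap._tcp.example.com.     SRV  0 100 389 ns7.ipa.example.com.
"""

def parse(text):
    """Return (owner, TYPE, [rdata fields]) tuples; blank/short lines are skipped."""
    recs = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 3:
            recs.append((parts[0].lower(), parts[1].upper(), parts[2:]))
    return recs

def reverse_name(ip):
    """Owner name of the PTR record for an address, e.g. 15.1.168.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def check(text):
    """Return a list of human-readable problems; an empty list means consistent."""
    recs = parse(text)
    a = {}  # forward name -> set of IPv4 addresses
    for owner, rtype, rdata in recs:
        if rtype == "A":
            a.setdefault(owner, set()).add(rdata[0])
    ptr = {owner: rdata[0].lower() for owner, rtype, rdata in recs if rtype == "PTR"}
    problems = []
    for owner, rtype, rdata in recs:
        if rtype == "NS":
            target = rdata[0].lower()
            # A name server named inside the zone it serves needs a glue A record
            if target.endswith("." + owner) and target not in a:
                problems.append(f"NS {owner} -> {target}: no glue A record")
        elif rtype == "SRV":
            target = rdata[3].lower()  # SRV rdata: priority weight port target
            if target not in a:
                problems.append(f"SRV {owner} -> {target}: no A record")
    for name, ips in a.items():
        for ip in ips:
            rev = reverse_name(ip)
            if rev not in ptr:
                problems.append(f"A {name} {ip}: no PTR at {rev}")
            elif ptr[rev] != name:
                problems.append(f"PTR {rev} -> {ptr[rev]} does not match A {name}")
    return problems

if __name__ == "__main__":
    print(check(POSTED_RECORDS) or "no problems found")
```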