[Freeipa-users] FreeIPA's 'DNS'

Dmitri Pal dpal at redhat.com
Mon Nov 21 19:44:50 UTC 2011


On 11/21/2011 02:15 PM, Steven Jones wrote:
> Hi,
>
> I am trying a few things, after packet sniffing I can see that the Windows AD is refusing to answer the IPA server's queries but just for that particular reverse zone.....so I have a change control / fault ticket into our control system for our MS operations ppl to look at and fix that....
>
> I did consider just putting such a setting in named.conf, but was concerned that it was  not the "right way".  At the moment I have created a reverse zone inside IPA.....when I get the above config/fault issue fixed...moving forward I would like to do as much as possible inside the FreeIPA gui because the thought of letting our Windows ppl near a CLI gives me the shivers....
>
> I have no idea how to do a doc ticket?  but I do think the DNS section of the FreeIPA doc needs expanding.  
>
You can open a BZ bug against IPA or log a ticket against FreeIPA here:
https://fedorahosted.org/freeipa/
See the link; it actually has all the instructions on how to report a bug
right on the home page.


> Also some use cases, my one could well be typical of the hoops a customer has to jump through to make IPA work with an existing AD setup/site....I'm not sure if what I am doing is the best way....
>
>

Would be great if you could find some time to record these hoops and
what you had to deal with in a step by step list. That would help us to
find it a good place in the docs or wiki.

Thank you
Dmitri

> regards
>
> Steven Jones
>
> Technical Specialist - Linux RHCE
>
> Victoria University, Wellington, NZ
>
> 0064 4 463 6272
>
> ________________________________________
> From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of Dmitri Pal [dpal at redhat.com]
> Sent: Tuesday, 22 November 2011 5:50 a.m.
> To: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] FreeIPA's 'DNS'
>
> On 11/21/2011 05:29 AM, Sigbjorn Lie wrote:
>> Hi,
>>
>> Why not use a forwarders statement in the named.conf? Works for me.
>>
>>
>> zone "11.168.192.in-addr.arpa." in {
>>         type forward;
>>         forwarders { 192.168.1.1; 192.168.1.2; };
>> };
>>
> Steven,
>
> Can you please confirm that it works for you?
> In short term we should document this so if it works can you please open a
> doc ticket or BZ?
>
>
> Long term we should probably extend LDAP driver  and store this
> information in the LDAP and allow it to be configured via IPA UI/CLI.
> If this makes sense let us open a ticket for that too.
>
> Thanks
> Dmitri
>
>>
>> Rgds,
>> Siggi
>>
>>
>>
>> On Mon, November 21, 2011 00:56, Steven Jones wrote:
>>> nope won't work.....I can't seem to specify the remote AD nameservers....
>>>
>>>
>>> regards
>>>
>>> Steven Jones
>>>
>>>
>>> Technical Specialist - Linux RHCE
>>>
>>>
>>> Victoria University, Wellington, NZ
>>>
>>>
>>> 0064 4 463 6272
>>>
>>>
>>> ________________________________________
>>> From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of Steven
>>> Jones [Steven.Jones at vuw.ac.nz]
>>> Sent: Monday, 21 November 2011 12:52 p.m.
>>> To: freeipa-users at redhat.com
>>> Subject: Re: [Freeipa-users] FreeIPA's "DNS"
>>>
>>>
>>> In the DNS tab there is a "add"
>>>
>>>
>>> So if I wanted a slave reverse zone that is in the range 10.2.1.0 but looked after by a remote
>>> host
>>>
>>> I would
>>>
>>>
>>> click on the reverse zone IP network radio button
>>>
>>> put in the zone name of 0.1.2.10.in-addr-arpa
>>>
>>> For the authoritative nameserver put in the two remote AD DNS server's IPs  10.2.1.5 10.2.1.6
>>> (space delimited? comma delimited? can I put only one?)
>>>
>>>
>>> and hit add?
>>>
>>> um.....I think the DNS section is a little light on using it.....
>>>
>>>
>>> regards
>>>
>>> Steven Jones
>>>
>>>
>>> Technical Specialist - Linux RHCE
>>>
>>>
>>> Victoria University, Wellington, NZ
>>>
>>>
>>> 0064 4 463 6272
>>>
>>>
>>> ________________________________________
>>> From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of Steven
>>> Jones [Steven.Jones at vuw.ac.nz]
>>> Sent: Monday, 21 November 2011 12:38 p.m.
>>> To: freeipa-users at redhat.com
>>> Subject: [Freeipa-users] FreeIPA's "DNS"
>>>
>>>
>>> Hi,
>>>
>>>
>>> I am trying to get my head around making DNS and IPA work in an existing Microsoft AD / DNS site.
>>>
>>>
>>> Initially I am setting up a proof of concept.......I will be delegating the unix.vuw.ac.nz as a
>>> sub-zone from vuw.ac.nz, this will hold all the Linux/unix servers.  IPA's DNS is forwarded to
>>> the main DNS servers.    My problem is the reverse zones....the remote AD masters hold the
>>> reverse zones so IPA has to query these if it needs to do a reverse lookup....this doesn't seem to
>>> be happening ie running "host 10.1.1.5" on the IPA master fails...I assume I need this to
>>> work...so what's the best way?
>>>
>>> Set the IPA DNS service as a slave of the Microsoft AD reverse zones? If so how do I set this up?
>>> as per normal ie edit the named.conf directly? or do I do that from inside IPA?  (can't see how
>>> just yet)
>>>
>>> or is there a better method?
>>>
>>> or does it matter if reverse lookups won't work?
>>>
>>> regards
>>>
>>> Steven Jones
>>>
>>>
>>> Technical Specialist - Linux RHCE
>>>
>>>
>>> Victoria University, Wellington, NZ
>>>
>>>
>>> 0064 4 463 6272
>>>
>>>
>>> _______________________________________________
>>> Freeipa-users mailing list
>>> Freeipa-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IPA project,
> Red Hat Inc.
>
>
> -------------------------------
> Looking to carve out IT costs?
> www.redhat.com/carveoutcosts/
>


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.
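
Added example, not part of the original thread: a small Python helper that derives the in-addr.arpa zone name from a network and renders a "type forward" stanza in the same layout as the named.conf snippet quoted above. The function names reverse_zone and forward_stanza are hypothetical; the forwarder addresses are validated before being written into the config text.

```python
import ipaddress


def reverse_zone(cidr: str) -> str:
    """Return the in-addr.arpa zone name for an IPv4 network on an octet boundary."""
    net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits, e.g. 10.2.1.5/24
    if net.version != 4:
        raise ValueError("this sketch handles IPv4 only")
    if net.prefixlen not in (8, 16, 24):
        # Classless ranges (RFC 2317 style delegation) need a different zone layout.
        raise ValueError(f"/{net.prefixlen} is not on an octet boundary")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa."


def forward_stanza(cidr: str, forwarders: list[str]) -> str:
    """Render a BIND forward-zone stanza for the reverse zone of `cidr`."""
    if not forwarders:
        raise ValueError("at least one forwarder is required")
    # ip_address() raises ValueError on anything that is not a literal IP,
    # so stray text can never end up inside the generated named.conf block.
    addrs = [str(ipaddress.ip_address(f)) for f in forwarders]
    fwd = " ".join(a + ";" for a in addrs)
    return (
        f'zone "{reverse_zone(cidr)}" in {{\n'
        f"        type forward;\n"
        f"        forwarders {{ {fwd} }};\n"
        f"}};\n"
    )


if __name__ == "__main__":
    # Network and forwarders taken from the stanza quoted in the thread.
    print(forward_stanza("192.168.11.0/24", ["192.168.1.1", "192.168.1.2"]))
    # Network and AD DNS servers mentioned in the GUI question in the thread.
    print(forward_stanza("10.2.1.0/24", ["10.2.1.5", "10.2.1.6"]))
```

After adding such a stanza and reloading named, "host 10.1.1.5" style lookups run on the IPA master show whether the forwarders are answering for that zone.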

