[Freeipa-users] Using FreeIPA with AWS EC2

Simo Sorce simo at redhat.com
Thu Jan 12 18:59:34 UTC 2012


On Thu, 2012-01-12 at 12:50 -0600, Jeff White wrote:
> It is with the hostname requirements.  AWS EC2 normally gives you a
> dynamic IP address, which then you can update DNS records with.  The
> reverse lookup on the IP is still the aws IP address in a text form,
> not the proper reverse.  The documentation says:
> 
> 
>         The reverse of the address that the hostname resolves to must
>         match the hostname. 

Nod.

> Now I can get a nailed up elastic IP address which does not change,
> and if I put in a request I can get the reverse IP to map.  The
> problem with that is there is a finite number of elastic IP addresses
> you can request - 5 - without begging for more.  I'd rather not use
> them up.

It is indeed recommended for the freeipa server to have a fixed IP
address with proper A/AAAA and PTR records set.

> 
> Can I get around this issue if I have my own DNS server running on the
> same machine?

Yes, if you use the --setup-dns switch the install script will set up a
DNS server for you. There you can manage both direct and reverse zones
if you wish. All you need to do is to make sure forwarders redirect to
the amazon provided DNSs so you can resolve other domain names and then
point all your clients at your own DNS server on the freeipa server.

This should make it easier to handle the requirements.

Simo.


-- 
Simo Sorce * Red Hat, Inc * New York
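
The following is an added example, not part of the original message or of FreeIPA: a check of the documented requirement quoted above, that the reverse of the address the hostname resolves to must match the hostname. The name ipa.example.com, the address 203.0.113.10 and the EC2-style PTR name are constructed sample values.

```python
import socket

def forward_lookup(hostname):
    """Addresses (A/AAAA) the hostname resolves to via the system resolver."""
    infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}

def reverse_lookup(address):
    """PTR name for an address via the system resolver, or None if absent."""
    try:
        return socket.gethostbyaddr(address)[0]
    except (socket.herror, socket.gaierror):
        return None

def normalize(name):
    # DNS names compare case-insensitively; drop the trailing root dot.
    return name.rstrip(".").lower()

def check_hostname(hostname, forward=forward_lookup, reverse=reverse_lookup):
    """Return (address, ptr_name, ok) for every address of hostname.

    ok is True only when the PTR name maps back to hostname. An empty
    list means the hostname did not resolve at all.
    """
    try:
        addresses = sorted(forward(hostname))
    except socket.gaierror:
        return []
    results = []
    for address in addresses:
        ptr = reverse(address)
        ok = ptr is not None and normalize(ptr) == normalize(hostname)
        results.append((address, ptr, ok))
    return results

def hostname_is_consistent(hostname, **resolvers):
    results = check_hostname(hostname, **resolvers)
    return bool(results) and all(ok for _, _, ok in results)

# Constructed sample data: a dynamic EC2 address whose provider PTR is the
# address in text form, and the same address after the PTR has been set.
SAMPLE_A = {"ipa.example.com": {"203.0.113.10"}}
SAMPLE_PTR_DEFAULT = {"203.0.113.10": "ec2-203-0-113-10.compute-1.amazonaws.com"}
SAMPLE_PTR_FIXED = {"203.0.113.10": "ipa.example.com."}

if __name__ == "__main__":
    import sys
    for host in sys.argv[1:] or [socket.getfqdn()]:
        for address, ptr, ok in check_hostname(host):
            print(f"{host} -> {address} -> {ptr}: {'OK' if ok else 'MISMATCH'}")
```

Run on the prospective server with its intended fully qualified name as the argument; the result reflects whichever resolver the machine is configured to use.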



