Awesome, adding the grant line with my key (DDNS_UPDATE) did the trick. This makes it perform exactly like old config.
Thanks for the help. Someone should put this example in the docs.

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of William Brown
Sent: Thursday, April 3, 2014 3:29 PM
To: [email protected]
Subject: Re: [Freeipa-users] DDNS with DHCPD and IPA

On Thu, 2014-04-03 at 11:02 -0700, Andy Tomlin wrote:
> That would be my preference, would then work same as bind/dhcpd before
> switching to ipa. I just don't know how to do it correctly.
>
> This assumes dhcp and named are on the same system.

For an unrelated project I wrote some docs here:

http://tollgate.readthedocs.org/en/3.0.1/fedora-deploy.html#core-network

And the example config files referenced are:

https://github.com/micolous/tollgate/tree/master/docs/example/fedora

The important parts are:

    rndc-confgen -a -r keyboard -b 256
    chown named:named /etc/rndc.key

In named.conf add after the options section:

    include "/etc/rndc.key";

In the zone (In ipa you will need to add this permission)

    grant rndc-key wildcard * ANY;

Then in dhcpd:

    include "/etc/rndc.key";

And to the dhcpd range:

    zone dhcp.example.lan. {
        primary 127.0.0.1;
        key "rndc-key";
    }

    zone 0.4.10.in-addr.arpa. {
        primary 127.0.0.1;
        key "rndc-key";
    }

This should coexist peacefully with freeipa, but try to make sure your DDNS updated zone is say dhcp.example.com rather than a zone you care about. Consider you have a domain controller called x.example.com, and you allow DDNS to example.com. If someone set their hostname to x, they could take over the DNS records for your DC. Better to have a second zone to prevent this.

--
William Brown <[email protected]>

_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
