Ok, I added a howto page
On Fri, Apr 4, 2014 at 5:51 PM, Andy Tomlin <[email protected]> wrote:
> Remove foot from mouth... sure.
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Dmitri Pal
> Sent: Friday, April 4, 2014 4:45 PM
> To: [email protected]
> Subject: Re: [Freeipa-users] DDNS with DHCPD and IPA
>
> On 04/03/2014 07:50 PM, Andy Tomlin wrote:
> > Awesome, adding the grant line with my key (DDNS_UPDATE) did the
> > trick. This makes it perform exactly like old config.
> >
> > Thanks for the help. Someone should put this example in the docs.
>
> Would you mind writing a HowTo on our wiki?
>
> >
> > -----Original Message-----
> > From: [email protected]
> > [mailto:[email protected]] On Behalf Of William Brown
> > Sent: Thursday, April 3, 2014 3:29 PM
> > To: [email protected]
> > Subject: Re: [Freeipa-users] DDNS with DHCPD and IPA
> >
> > On Thu, 2014-04-03 at 11:02 -0700, Andy Tomlin wrote:
> >> That would be my preference, would then work same as bind/dhcpd
> >> before switching to ipa. I just don't know how to do it correctly.
> >>
> >>
> > This assumes dhcp and named are on the same system.
> >
> > For an unrelated project I wrote some docs here:
> >
> > http://tollgate.readthedocs.org/en/3.0.1/fedora-deploy.html#core-network
> >
> > And the example config files referenced are:
> >
> > https://github.com/micolous/tollgate/tree/master/docs/example/fedora
> >
> > The important parts are:
> >
> >     rndc-confgen -a -r keyboard -b 256
> >     chown named:named /etc/rndc.key
> >
> > In named.conf add after the options section:
> >
> >     include "/etc/rndc.key";
> >
> > In the zone (In ipa you will need to add this permission)
> >
> >     grant rndc-key wildcard * ANY;
> >
> > Then in dhcpd:
> >
> >     include "/etc/rndc.key";
> >
> > And to the dhcpd range:
> >
> >     zone dhcp.example.lan. {
> >         primary 127.0.0.1;
> >         key "rndc-key";
> >     }
> >
> >     zone 0.4.10.in-addr.arpa. {
> >         primary 127.0.0.1;
> >         key "rndc-key";
> >     }
> >
> > This should coexist peacefully with freeipa, but try to make sure your
> > DDNS updated zone is say dhcp.example.com rather than a zone you care
> > about.
> > Consider you have a domain controller called x.example.com, and you
> > allow DDNS to example.com. If someone set their hostname to x, they
> > could take over the DNS records for your DC. Better to have a second
> > zone to prevent this.
> >
> > --
> > William Brown <[email protected]>
> >
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.
>
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
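
The zone-separation advice in William Brown's quoted message above, as an added example that is not part of the thread or of any project's code: a small check that reads the zone blocks from a dhcpd.conf and reports any protected server name that lives inside a zone dhcpd is allowed to update. The sample config, the extra example.lan. zone, the host list and all function names are constructed for illustration.

```python
import re

# Constructed dhcpd.conf: the thread's two zones plus, for contrast, a
# parent zone (example.lan.) that also holds server records.
SAMPLE_DHCPD_CONF = '''
zone dhcp.example.lan. {
    primary 127.0.0.1;
    key "rndc-key";
}
zone 0.4.10.in-addr.arpa. {
    primary 127.0.0.1;
    key "rndc-key";
}
zone example.lan. {
    primary 127.0.0.1;
    key "rndc-key";
}
'''
# Constructed names that no DHCP client may ever claim (e.g. the DC "x").
PROTECTED_HOSTS = ["x.example.lan.", "ipa1.example.lan."]

ZONE_RE = re.compile(r'^\s*zone\s+(\S+)\s*\{([^}]*)\}', re.M)

def ddns_zones(conf):
    """Return {zone: key name} for every zone dhcpd sends updates to."""
    zones = {}
    for name, body in ZONE_RE.findall(conf):
        key = re.search(r'key\s+"?([^";\s]+)"?\s*;', body)
        zones[name.lower().rstrip(".") + "."] = key.group(1) if key else None
    return zones

def in_zone(fqdn, zone):
    """True if fqdn is the zone apex or below it, compared label by label."""
    f = fqdn.lower().rstrip(".").split(".")
    z = zone.lower().rstrip(".").split(".")
    return len(f) >= len(z) and f[-len(z):] == z

def exposed_hosts(conf, protected):
    """Map each DDNS-updatable zone to the protected names inside it."""
    findings = {}
    for zone in ddns_zones(conf):
        hits = [h for h in protected if in_zone(h, zone)]
        if hits:
            findings[zone] = hits
    return findings

if __name__ == "__main__":
    for zone, hosts in exposed_hosts(SAMPLE_DHCPD_CONF, PROTECTED_HOSTS).items():
        print(f"{zone}: a DHCP client could overwrite {', '.join(hosts)}")
```

With only the dedicated dhcp.example.lan. and reverse zones configured, the result is empty, which is the layout the thread recommends.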
