If this http://www.freeipa.org/page/Howto/ISC_DHCPd_and_Dynamic_DNS_update is it, then it is quite not easy to understand what is it about. here, in mail-list it was much more understandable.
10.04.2014 00:20, Dmitri Pal ?????: > On 04/09/2014 11:58 AM, Andy Tomlin wrote: >> Ok, I added a howto page > > Thanks > Martin, should be link it from HowTo page? >> >> >> On Fri, Apr 4, 2014 at 5:51 PM, Andy Tomlin <[email protected] >> <mailto:[email protected]>> wrote: >> >> Remove foot from mouth... sure. >> >> -----Original Message----- >> From: [email protected] >> <mailto:[email protected]> >> [mailto:[email protected] >> <mailto:[email protected]>] On Behalf Of Dmitri Pal >> Sent: Friday, April 4, 2014 4:45 PM >> To: [email protected] <mailto:[email protected]> >> Subject: Re: [Freeipa-users] DDNS with DHCPD and IPA >> >> On 04/03/2014 07:50 PM, Andy Tomlin wrote: >> > Awesome, adding the grant line with my key (DDNS_UPDATE) did the >> > trick. This makes it perform exactly like old config. >> > >> > Thanks for the help. Someone should put this example in the docs. >> >> Would you mind writing a HowTo on our wiki? >> >> > >> > -----Original Message----- >> > From: [email protected] >> <mailto:[email protected]> >> > [mailto:[email protected] >> <mailto:[email protected]>] On Behalf Of William Brown >> > Sent: Thursday, April 3, 2014 3:29 PM >> > To: [email protected] <mailto:[email protected]> >> > Subject: Re: [Freeipa-users] DDNS with DHCPD and IPA >> > >> > On Thu, 2014-04-03 at 11:02 -0700, Andy Tomlin wrote: >> >> That would be my preference, would then work same as bind/dhcpd >> >> before switching to ipa. I just dont know how to do it correctly. >> >> >> >> >> > This assumes dhcp and named are on the same system. >> > >> > For an unrelated project I wrote some docs here: >> > >> > >> http://tollgate.readthedocs.org/en/3.0.1/fedora-deploy.html#core-netwo >> > rk >> > >> > And the example config files referenced are: >> > >> > >> https://github.com/micolous/tollgate/tree/master/docs/example/fedora >> > >> > The important parts are: >> > >> > rndc-confgen -a -r keyboard -b 256 >> > chown named:named /etc/rndc.key >> > >> > In named.conf add after the options section: >> > >> > include "/etc/rndc.key"; >> > >> > In the zone (In ipa you will need to add this permission) >> > >> > grant rndc-key wildcard * ANY; >> > >> > Then in dhcpd: >> > >> > >> > include "/etc/rndc.key"; >> > >> > And to the dhcpd range: >> > >> > >> > zone dhcp.example.lan. { >> > primary 127.0.0.1; >> > key "rndc-key"; >> > } >> > >> > >> > zone 0.4.10.in-addr.arpa. { >> > primary 127.0.0.1; >> > key "rndc-key"; >> > } >> > >> > >> > This should coexist peacefully with freeipa, but try to make >> sure your >> > DDNS updated zone is say dhcp.example.com >> <http://dhcp.example.com> rather than a zone you care >> about. >> > Consider you have a domain controller called x.example.com >> <http://x.example.com>, and you >> > allow DDNS to example.com <http://example.com>. If someone set >> their hostname to x, they >> > could take over the DNS records for your DC. Better to have a >> second >> > zone to prevent this. >> > >> > -- >> > William Brown <[email protected] >> <mailto:[email protected]>> >> > >> > _______________________________________________ >> > Freeipa-users mailing list >> > [email protected] <mailto:[email protected]> >> > https://www.redhat.com/mailman/listinfo/freeipa-users >> > >> > _______________________________________________ >> > Freeipa-users mailing list >> > [email protected] <mailto:[email protected]> >> > https://www.redhat.com/mailman/listinfo/freeipa-users >> >> >> -- >> Thank you, >> Dmitri Pal >> >> Sr. Engineering Manager IdM portfolio >> Red Hat, Inc. >> >> _______________________________________________ >> Freeipa-users mailing list >> [email protected] <mailto:[email protected]> >> https://www.redhat.com/mailman/listinfo/freeipa-users >> >> > > > -- > Thank you, > Dmitri Pal > > Sr. Engineering Manager IdM portfolio > Red Hat, Inc. > > > _______________________________________________ > Freeipa-users mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/freeipa-users
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
