On 03/05/2015 12:41 PM, Andrew Holway wrote:
> Hello,
> We're working on a plan to spin up a bunch of private networks around
> the globe and we would like to use freeipa as our domain controller.
> I'm trying to work out how we do DNS. Actually, more specifically,
> making sure that hosts are authenticating against their local freeipa.
> Each regional domain controller should be replicating with the other
> regional domain controllers; however, how do we tell machines in the US
> to auth against the US freeipa and the EU machines to auth against the
> EU freeipa?
> If we point the DNS in our machines to the US freeipa will that
> freeipa respond with SRV records for itself?
FreeIPA does not support DNS sites yet.
https://fedorahosted.org/freeipa/ticket/2008
https://fedorahosted.org/bind-dyndb-ldap/ticket/126
It is in plans for the next release but as a stretch goal.
For now the workaround would be to have an explicit set of servers
configured on the clients. You will lose a bit of agility if you plan
to deploy replicas dynamically, but if you do not plan to do that, a static
server list might be a workaround for now.
> Thanks,
> Andrew
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
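
The static server list suggested in the reply, as an added example that is not part of the original thread: an SSSD domain section for a client in the US region. The domain `example.com` and the host names `ipa-us1`, `ipa-us2` and `ipa-eu1` are assumptions made up for illustration.

```ini
# /etc/sssd/sssd.conf on a US-region client (constructed example)
[sssd]
services = nss, pam
domains = example.com

[domain/example.com]
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_domain = example.com

# Explicit, ordered list of regional servers. The special value "_srv_"
# is deliberately left out: with it, SSSD would fall back to DNS SRV
# discovery, which returns every replica regardless of region.
ipa_server = ipa-us1.example.com, ipa-us2.example.com

# Used only when none of the primary servers can be reached, so US
# clients authenticate in the EU only during a regional outage.
ipa_backup_server = ipa-eu1.example.com
```

EU clients get the same section with the primary and backup lists swapped. Each new replica has to be added to these lists by hand or through configuration management, which is the loss of agility the reply mentions.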