[Freeipa-users] Re: Setup AD Trust without DNS resolution from AD

I am trying to spin up a new 2-node cluster in my lab environment. I have FreeIPA installed, and can login to the web UI. At this point, I’m trying to establish a trust with AD: ipa trust-add --type=ad example.net --admin administrator Based on the errors I was getting with that command’s stdout and subsequent research, it occurred to me that I don’t have DNS resolution to our corporate internal DNS from my lab environment. As this is a lab environment, I really don’t care about best practices (although I do eventually want to get corporate DNS resolution into my lab, that’s likely not happening until January given the holidays… and I need to make progress on this project if at all possible). Is it possible to set the required AD records into `/etc/hosts` on each of the (2) nodes?

And/or since I already have IdM installed with DNS services, is it possible for me to go into the web UI, and create a new DNS zone in there for the upstream AD environment? Here are the records I’ve entered into my /etc/hosts file on the master FreeIPA server that I’m trying to use to establish the trust (As you can see, we have 4 AD servers, so I have set the “A” record in /etc/hosts four different times): Idm-node-1.fiberlab.example.net Idm-node-2.fiberlab.example.net example.net example.net example.net example.net _kerberos._tcp.example.net _kerberos._tcp.example.net _kerberos._tcp.example.net _kerberos._tcp.example.net _kerberos._udp.example.net _kerberos._udp.example.net _kerberos._udp.example.net _kerberos._udp.example.net