On Wed, Jan 06, 2021 at 11:52:51AM -0500, Rob Crittenden via FreeIPA-users wrote:
> Dominik Vogt via FreeIPA-users wrote:
> > We've set up an ipa-server without DNS, using an /etc/hosts file,
> > as was suggested in an older thread:
> >
> > https://www.mail-archive.com/freeipa-users@lists.fedorahosted.org/msg1099...
> >
> > There's no DNS at all available, and /etc/nsswitch contains the
> > defaults ("hosts: files dns myhostname", but it's the same if I
> > change that to just "hosts: files" and remove /etc/resolv.conf).
> >
> > Ipa commands all take 30 seconds, but fine eventually. E.g.
> >
> > $ ipa user-find --all
> >
> > Strace shows that the process is sending a request to the DNS port
> > on the ip address configured in /etc/resolv.conf, or 127.0.0.1 if
> > that file does not exist. The contents of nsswitch.conf are
> > ignored.
> >
> > So, how can this be fixed? Do we have to set up DNS to run the
> > ipa-server?
>
> ipa commands run where? On the server or a client?

On the server.

> So you are trying to use this in a completely DNS-free environment?
> I've done a lot of development in the past with the IPA servers only in
> /etc/hosts but I don't believe I've done much if any completely DNS-free.

If that's not tested I've no problem with that. Just hoped we
could spare the additional complexity of hardening a DNS
installation.

Ciao
Dominik ^_^ ^_^
--
Dominik Vogt