
Not sure if this is more a generic DNS question or not ...

We run FreeIPA 4.6.4 on a RHEL7.6 clone, we do not use FreeIPA DNS and we currently do not use DNS discovery. I have read this: https://www.freeipa.org/page/Howto/IPA_locations and am comfortable configuring split view DNS records.

As we deploy more sites, I am looking to move to using DNS discovery, however we use site specific DNS domains (rightly or wrongly with a private TLD ... cross that bridge when we come to it ...) such as:


which is different from the given example of example.com being used across all sites.

Our Realm Domain is blah - I have put the location based DNS records immediately under .blah.

In testing, I see ipa clients initially query DNS for SRV records under site1.blah - when that fails the clients then perform a second DNS query for SRV records under .blah - which works and my test outcome is good - the setup works!

Is it safe for me to assume that this process will remain the same for future IDM client versions? My concern is that if future versions neglect the second-attempt DNS discovery lookup (under .blah) then my setup will break.

Thanks for any pointers
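
Added example, not part of the original post and not FreeIPA code: a small check that reproduces the lookup order described above and reports whether discovery only succeeds through the parent-domain fallback. It assumes the `_ldap._tcp` SRV label, walks every intermediate parent (a generalization of the two lookups observed in the post), and uses hypothetical function names and made-up host names; the resolver is injected so the sample runs offline.

```python
"""Added example: check which DNS level answers IPA SRV discovery."""

SRV_LABEL = "_ldap._tcp"  # assumed SRV label looked up during discovery


def candidate_names(client_domain, realm_domain, label=SRV_LABEL):
    """SRV names from the client's own domain up to the realm domain."""
    client = client_domain.strip(".").lower()
    realm = realm_domain.strip(".").lower()
    if client != realm and not client.endswith("." + realm):
        raise ValueError(f"{client} is not inside {realm}")
    names = []
    while True:
        names.append(f"{label}.{client}")
        if client == realm:
            return names
        client = client.split(".", 1)[1]  # drop the leftmost label


def discover(client_domain, realm_domain, lookup):
    """Return (answering_name, targets, used_fallback) or (None, [], False).

    `lookup` is any callable mapping an SRV name to a list of targets
    (an empty list when the name does not exist).
    """
    for i, name in enumerate(candidate_names(client_domain, realm_domain)):
        targets = lookup(name)
        if targets:
            return name, targets, i > 0
    return None, [], False


# Constructed sample zone: records exist only directly under the realm
# domain, as in the post. Host names are made up.
SAMPLE_ZONE = {"_ldap._tcp.blah": ["ipa1.site1.blah", "ipa2.site2.blah"]}

if __name__ == "__main__":
    name, targets, fallback = discover(
        "site1.blah", "blah", lambda n: SAMPLE_ZONE.get(n, []))
    print(f"answered by {name} -> {targets}; relies on fallback: {fallback}")
```

Run against live DNS by passing a `lookup` backed by a real resolver; a `used_fallback` value of `True` marks the sites that depend on the second lookup.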